Forensic Companies Exploiting Android Zero-Day Bugs in Pixel Phones, Warns Google
Two zero-day vulnerabilities in Pixel phones have been patched in the April 2024 security update. Find out more about the flaws forensic firms were actively exploiting in the wild and what it means for Pixel users.
- Google has sent out a security alert for Pixel smartphone users, warning about the exploitation of zero-day flaws by forensic companies to extract personal data.
- The vulnerabilities, CVE-2024-29745 and CVE-2024-29748, enable information disclosure and privilege escalation, respectively.
Google has issued warnings to Pixel smartphone users regarding the patching of two high-severity zero-day vulnerabilities on the Android OS. The flaws, CVE-2024-29745 and CVE-2024-29748, enable information disclosure and privilege escalation, respectively. According to Google, forensic firms have exploited both of these vulnerabilities in the wild.
The company has not released details of the attacks conducted by such firms. CVE-2024-29745 is a flaw in the fastboot firmware, which handles the locking, unlocking, and flashing functionality of Pixel smartphones. Forensic companies have exploited the flaw by taking a device that is in the After First Unlock state and rebooting it into fastboot mode, which lets them dump device memory.
CVE-2024-29748, on the other hand, could be leveraged by bad actors to interrupt factory resets triggered through the device admin API. GrapheneOS discovered both vulnerabilities and provided Google with proof that they were being exploited on Android. The mobile operating system developer has stated that Google's patch is only a partial fix.
According to their report, a device that is powered off, or that has not yet been unlocked since a reboot, does not have user data and encryption keys accessible in memory, and keeping devices in that state is what prevents After First Unlock exploits. The issue also highlights the need for smartphone companies to improve data protection through features such as auto-reboots, USB blocking, and wipe-without-reboot functionality, which reduce the opportunity to exploit firmware vulnerabilities.
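The mitigations above are described as vendor features, but an organization managing its own fleet can approximate them today with the public Android device-owner APIs. The class below is an added illustration, not code from Google or GrapheneOS, and its class and method names are this example's own. It assumes the calling app has already been provisioned as device owner on a managed (test) device; the `DevicePolicyManager` and `UserManager` calls it uses are standard Android APIs.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.os.UserManager;

/**
 * Added example: a device-owner policy that narrows the After First Unlock
 * (AFU) window on a managed Android device. Assumption: this app is already
 * the device owner; every call below fails otherwise.
 */
public final class AfuHardeningPolicy {

    private final DevicePolicyManager dpm;
    private final ComponentName admin;

    public AfuHardeningPolicy(Context ctx, ComponentName adminReceiver) {
        this.dpm = (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        this.admin = adminReceiver;
    }

    /** Check the precondition once before applying any policy. */
    public boolean canEnforce(Context ctx) {
        return dpm.isDeviceOwnerApp(ctx.getPackageName());
    }

    /** "Blocking USB": disable file transfer and debugging over the data port. */
    public void restrictUsb() {
        dpm.addUserRestriction(admin, UserManager.DISALLOW_USB_FILE_TRANSFER);
        dpm.addUserRestriction(admin, UserManager.DISALLOW_DEBUGGING_FEATURES);
    }

    /** Lock quickly and wipe after repeated wrong credentials. */
    public void restrictUnlockAttempts(int maxFailedAttempts, long maxTimeToLockMs) {
        dpm.setMaximumTimeToLock(admin, maxTimeToLockMs);
        dpm.setMaximumFailedPasswordsForWipe(admin, maxFailedAttempts);
    }

    /**
     * "Auto-reboot": return the device to Before First Unlock, where the
     * encryption keys are no longer held in memory. reboot() throws
     * IllegalStateException during an active phone call, so the caller
     * (for example a periodic job) decides whether to retry later.
     */
    public boolean rebootToBeforeFirstUnlock() {
        try {
            dpm.reboot(admin);
            return true;
        } catch (IllegalStateException e) {
            return false;
        }
    }

    /** "Wipe-without-reboot": factory reset immediately rather than waiting for a restart. */
    public void wipeNow() {
        dpm.wipeData(0);
    }
}
```

A scheduler such as a periodic job would call `rebootToBeforeFirstUnlock()` during idle hours to bound how long a lost device stays in the AFU state, and `restrictUsb()` is applied once at provisioning time. These policies reduce exposure; they do not replace the firmware fix itself.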