Google shares more details about trailblazing attacks on Android and Windows devices
Advice from Google once again highlights importance of keeping all your devices updated
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Googlehas published an extensive report about a sophisticated attack that targeted bothAndroidand Windows devices.
The report is part of a series of blog posts dubbed “In-the-Wild” that are produced jointly by Google’s zero-day bug-hunting team, Project Zero, together with the Google Threat Analysis Group (TAG).
The investigation found that devices lacking the latest security updates were once again easy prey to hackers.
Complex and well-engineered
Thefirst postshares extensive details about the attack that Google got wind of in early 2020.
The attacks were carried out using two exploit servers, each of whom used a different exploit chain to compromise potential targets, via what are known aswatering hole attacks. While one server targeted Windows users, the other focused on Android.
The post also reveals that both exploit servers usedvulnerabilities in Google Chrometo compromise the victim’s browser, before deploying an OS-level exploit to gain more control over the device.
After analyzing the well-engineered and complex exploit chains that used innovative exploitation methods, for months, security researchers at the search engine believe that they are the work of a team of experts.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Given the nature of the attacks, Google believes the attackers had access to Android zero-day exploits, although they couldn’t find any of the exploit servers. In any case, the researchers report that both Google andMicrosoftsoon released patches to fix the vulnerabilities, once knowledge of the attack came to light.
“We hope that by sharing this information publicly, we are continuing to close the knowledge gap between private exploitation (what well resourced exploitation teams are doing in the real world) and what is publicly known,” conclude the researchers.
Via:ZDNet
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind
