Indian cyber security agency issues high risk warning for Android users, here is what you need to do

If you are using an Android smartphone, then the Indian Computer Emergency Response Team (CERT-In) has issued a security warning for you. The government's cybersecurity, in its latest CERT-In Advisory CIAD-2024-0013, has highlighted concerns over multiple vulnerabilities found in various versions of the Android operating system. Rated as a high severity warning, these vulnerabilities, if exploited, can allow hackers to take over your smartphones.

According to CERT-In, multiple vulnerabilities have been identified in Android that could be exploited by malicious actors for various purposes, such as obtaining sensitive information, gaining elevated privileges, executing arbitrary code, or causing denial of service conditions on the targeted system. "These vulnerabilities exist in Android due to flaws in Framework, System, AMLogic, Arm components, MediaTek components, Qualcomm components & Qualcomm closed-source components," notes the vulnerability note.

What are the risks?

If attackers exploit these vulnerabilities, they could:

• Steal sensitive information: This includes your login credentials, messages, photos, contacts, and financial data.
• Gain control of your phone: Attackers could take complete control of your phone, allowing them to install malicious apps, steal data, or even spy on you.
• Cause denial-of-service (DoS): Attackers could render your phone unusable by overwhelming it with requests.

Which phones are affected?

These vulnerabilities affect a wide range of Android devices, including phones running Android versions 12, 12L, 13, and 14.

To keep your devices safe, CERT-In has urged users to apply appropriate updates promptly when made available by their respective Original Equipment Manufacturers (OEMs). These updates typically include patches and fixes to address the identified vulnerabilities and improve the security posture of the Android system. The good news is that Google has already released fixes for the highlighted vulnerabilities, and the latest Android Security Bulletin-March 2024 contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-03-05 or later address all of these issues.

"Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP," reads the Security Bulletin.

So, users are advised to update their Android OS with the latest security patch by following these steps:

This update will patch the vulnerabilities and protect your device. Meanwhile, if you have not received the notification, don't wait for it. You can usually check for updates by going to your phone's settings menu and navigating to the "Software update" or "System update" section.

Additionally, be cautious about what you download: Only download apps from trusted sources like the Google Play Store. Avoid downloading apps from unknown websites or third-party app stores. Keep security software up-to-date: If you use any security software on your phone, make sure it's up-to-date to detect and block potential threats.