From Samsung to Huawei, Android smartphones are some of the most popular handheld devices around the world. But if you use an Android smartphone, a new report may encourage you to rethink which apps you have installed. Researchers from Check Point have warned that several popular apps let hackers copy your password and break into your account. The apps were found to contain a vulnerability known as CVE-2020-8913 that lets attackers inject malicious code into apps, granting access to your phone data - including passwords, messages and photos.
Thankfully, Google has now fixed the issue, although Check Point estimates that hundreds of millions of users have been affected. Aviran Hazum, Check Point’s Manager of Mobile Research said: “We’re estimating that hundreds of millions of Android users are at a security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application.
“For example, the vulnerability could allow a threat actor to steal two-factor authentications codes or inject code into banking applications to grab credentials. Or, a threat actor could inject code into social media applications to spy on victims or inject code into all IM apps to grab all messages. The attack possibilities here are only limited by a threat actor’s imagination.”
Based on the findings, the researchers advise that customers install a mobile threat defence solution on their smartphone. The apps affected include several popular apps: