Android phone users in India, CERT-In has a ‘spy warning’ for you

The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has issued an advisory for Android users with ‘High’ severity rating. As per the advisory, those who are using smartphones that do not run the latest Android 10 operating system are at a risk of snooping and attackers can exploit a newly-found vulnerability to spy on the user through “the phone’s microphone and camera and also track GPS location details on an affected device.”
Explaining the vulnerability, CERT-In said, “An Elevation of Privilege vulnerability named “StrandHogg 2.0” has been reported in the Google Android due to confused deputy flaw in the “startActivities()” of “ActivityStartController.java” which allow the attacker to hijack any app on an infected device. A local attacker could exploit this vulnerability by installing a malicious app on a device which can hide behind legitimate apps.” This vulnerability is present in Android operating systems versions prior to Android 10.0.
Exploiting this vulnerability, attackers can gain access to victim’s login credentials, SMS messages, photos, phone conversations, spy on the user through the phone’s microphone and camera and also track GPS location details on an affected device, it added.