Google ’s Threat Analysis Group revealed new detail today about its effort to identify and assist patch up a zero - day exploit impacting Android gadget built by a commercial surveillance vendor and go steady back to at least 2016 . The research , presented at the Black Hat cybersecurity conference in Las Vegas , represent the latest attempt by Google to step up its feat against a develop individual surveillance diligence that ’s thriving , concord to the researcher .
The vulnerability in interrogation , cite to as CVE-2021 - 0920 , was azero - day“in the baseless ” exploit in a drivel collection mechanics within the Linux kernel , the core opus of software package that govern the intact Linux operating system . Google aver the attackers , using an exploit chain that included the exposure , were able to remotely gain control of users ’ devices .
Google says it has previously attributed a number of Android zero - daytime exploit to the developer behind CVE-2021 - 0920 . In this cause , a Google spokesperson told Gizmodo the surveillance vendor used “ several novel and unseen exploitation techniques to bypass live defensive mitigations . ” That , the spokesperson said , suggest the trafficker is well funded .
Photo: Justin Sullivan (Getty Images)
Though the CVE-2021 - 0920 vulnerability was patched last September in reception to Google ’s inquiry , they say the exploit was identified before 2016 and cover on the Linux Kernel Mailing List . A right patch was offered up at the clip , but Linux Foundation developer at long last rejected it . Google shared the public Linux kernel email thread from the clip which show discrepancy on whether or not to implement the patch .
“ Why would I use a patch that ’s an RFC , does n’t have a right commit message , lack a proper signoff , and also miss ACK ’s and feedback from other knowledgable developers , ” one developer wrote .
Responding to the Surveillance-for-Hire Era
Google has ramp up its crusade to discern and publicly identify spyware groups in late years , partly in response to the sheer increase in the number attack . Intestimonydelivered to the House Intelligence Committee before this yr , Google Threat Analysis Group Director Shane Huntley said , “ the growth of commercial-grade spyware marketer and hack - for - hire group has require increment in TAG [ threat analyses chemical group ] to counter these threats . ”
“ These marketer are enabling the proliferation of dangerous hacking putz , arming nation state actors that would not otherwise be capable to develop these potentiality in - house , ” Huntley said . “ While utilisation of surveillance technologies may be legal under national or international laws , they are witness to be used by some state actors for purposes antithetical to democratic values : aim dissidents , journalists , human rights worker , and resistance company politicians . ”
“ This industry looks like prosper . ” Huntley said .
Lucas Ropek contributed reporting .
Cybersecurity
Daily Newsletter
Get the best tech , science , and culture news in your inbox day by day .
News from the future tense , deliver to your present tense .
Please select your desired newssheet and put in your e-mail to promote your inbox .
You May Also Like
