How October Update on Android 10 fixed Zero-day Vulnerability?

Google released the latest version of its Android mobile operating system, Android 10 on September 3rd, 2019. Android 10 comes with a host of new features as well as improvements over the previous versions.

Android 10 witnessed its first major post-launch update in October 2019. This update is for all android phones including pixel smartphones. The purpose of releasing this update was to resolve the major issue of Zero-day vulnerability.

What is Zero Day Vulnerability?

The name Zero-day signifies that the software developer has the time of zero days to fix the bug, once the security bug is detected & when the bug attacks the system for the first time. In other words, the developer has zero days or very little time to fix the bug.

Vulnerability refers to the weakness in the software. This weakness is exploited by hackers for malicious purposes.

Zero-day refers to a flaw in the security of software that puts the system at risk of being exploited by cybercriminals & hackers. The security of the device infected by the zero-day bug is at risk. The infected device is under the complete control of the hackers.

Hackers can take advantage of the weakness in the system to gain full access to the system. After having full access, the hacker can install malicious software that can capture confidential data & information.

The hackers can use this information for unauthorized fund transfers or send fake messages to all the contacts. This can result in huge monetary losses to the company.

This issue was addressed initially in other operating systems such as Linux Kernel 4.14 LTS release & earlier versions of android.

The fix that was developed was not introduced in the latest versions of the Android OS. This puts the latest android devices at risk of being attacked. Below are some of the vulnerable devices:-

• Google Pixel
• Google Pixel XL
• Google Pixel 2
• Google Pixel 2 XL
• Xiaomi Redmi 5A
• Huawei P20
• Xiaomi Redmi Note 5
• Oppo A3
• Xiaomi Mi A1
• LG phones on Android Oreo
• Moto Z3
• Samsung Galaxy S7
• Samsung Galaxy S8
• Samsung Galaxy S9

The above list is not exhaustive. There can be other devices that are vulnerable to this risk.

Team Project Zero

Google has employed a highly skilled security analyst & formed a Project Zero team to counter the impact of the zero-day security issue.

This team aims to provide a detailed & effective solution to safeguard the users against the impact of zero-day security bug.

In addition to the solutions provided by Google, it is better to take some precautions to secure our devices:-

1. Shut off the public access: The duration for which our system is exposed to the zero-day threat needs to be minimized. During this time, our system is in a high-risk zone. There are very high chances of the system being attacked by hackers. So it’s better to shut off the public access to service lines, ports.
2. Keep DRP ready: DRP means Disaster Recovery Plan. The plan should be in place & kept ready for use as soon as the system is attacked.
3. Detection based on statistics: With the use of reports & studies based on the statistics, irregularities in the systems can be detected in advance.
4. By keeping something in between the incoming request, messages & the server, we can stop malware from attacking the server.

How does the update help?

The October update of Android 10 helps in fixing the zero-day vulnerability issue by allowing users to upgrade their software by installing a revised version.

This can result in new features being added, obsolete features being deleted, changes to the drivers, fixing the bugs & security loopholes.

The users can keep their device protected by following the below habits:

• Configure the security settings of the device & keep it up to date.
• Install the latest version of the software & security programs.
• Establish safe online habits.

The extent of Zero-day Vulnerability

The zero-day security risk is not limited to any one component of the systems but it impacts various components. The impact of the zero-day issue can be classified according to the components of the systems:-

• Framework: This is a very high-risk component. The malware can alter the device settings as it can bypass the requirements of the user interface.
• Operating Systems: Once the malicious programs gain access to the system, the overall safety & security is at risk.
• Media framework: In this section, the hacker gains complete control over the media framework of the device. This may allow him to play corrupted or infected media files.
• Kernel Component: By impacting the Kernel component of the software, the bug can adversely affect the performance & security of the device.

Example of Zero-day vulnerability:

Stuxnet is a malicious program that was detected in 2010. This was an infectious computer worm that replicated itself over and over again. This program was responsible for causing major damage to Iran’s nuclear plans. This program is an example of a zero-day security issue that took full control of Iran’s computer systems & changed the various processes of its nuclear plans.

Other issues fixed by the Android 10 update:

One of the major issues addressed by the Android 10 update is the Zero-day vulnerability threat. Apart from this, there are many other issues fixed by the October update. They are as follows:-

• Memory drain issue in the UI fixed.
• Bootloop issue solution in specific device locale modes.
• Improvements related to the gesture by enhancing stability.
• Fix to develop the stability of the system.
• The problem of the notification being missed in the stand-mode solved.
• Improved Wi-Fi connectivity by enhancing the stability of the connection with the network.
• Improvements in calibration of various sensors.

Conclusion

Google is prompt in releasing new versions & updates to address various issues faced by Android smartphone users. It recently launched the latest version of its Android OS, the Android 10 in September 2019.

It presented the users with new problems & issues. Subsequently, Google released an update in October to fix all the issues.

Google assures that once the users have installed the October update to their devices, their experience with the Android 10 will get a bug-free & smooth. Google can also release the Android 10.1 version soon to further enhance the experience.