Flash Notice: Android Users Warned About Flaw Under Active Exploitation

Written by Marketing | Sep 5, 2024 3:29:12 PM

OVERVIEW

Google has recently released a security update to address CVE-2024-32896, a privilege escalation flaw in the Android framework. This flaw is under active exploitation and could allow an attacker to locally escalate privileges inside a victim’s phone.  

There are currently no details as to how exactly this vulnerability is being exploited, but what is known is that this vulnerability impacts the entire Android ecosystem, not simply the version on Google Pixel phones.

The one piece of good news is that an attacker requires physical access to the device in order to take advantage of this flaw, meaning users can exercise precautionary measures to protect themselves.  

Despite the physical access requirement, Android users are still urged to update their phones as soon as possible, since physical access can be obtained in ways that may not be immediately obvious.  

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

 

IOCs ADDED TO OUR THREAT FEEDS

At this time, there are no known IoCs associated with this threat. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   


TTPs TO MONITOR

Exploiting vulnerabilities such as CVE-2024-32896 will require some measure of targeted social engineering. Since physical access means root access on almost every device, users must be their own protectors, taking care to always maintain positive control over their mobile devices.

 Examples of ways an attacker might attempt to engineer a phone or tablet away from the target are listed below.  

  1. Pretexting

The attacker creates a plausible scenario (or pretext) to gain the victim's trust. For instance, an attacker may pose as a customer service agent from a company and claim they need access to your phone to troubleshoot an issue, update software, or confirm your identity. By using this pretext, they may persuade you to download malicious apps or give them access to your phone.

  2. Quid Pro Quo (Exchange of Favors)

This involves an attacker offering something of value (like free mobile data, services, or app features) in exchange for certain actions, such as installing an app or granting permissions that compromise the phone's security. These apps or actions might be designed to install malware or open vulnerabilities in the device.

  3. USB Charging Stations (Juice Jacking)

Public charging stations can sometimes be compromised. Attackers modify the USB ports or cables to either install malware on your phone or steal data when you connect your device. Social engineering plays a role by convincing the user that the charging station is safe to use.

 

 

ADDITIONAL SERVICE OFFERINGS

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
  • Security Information and Event Management (SIEM) - Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 
  • Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:  
    • Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment). 
    • Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK). 
    • Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).




 
