Google Releases Update to Patch Android USB Driver Zero-Day Vulnerability Exploited by Spyware
Google Releases Update to Patch Android USB Driver Zero-Day Vulnerability Exploited by Spyware
- Why Enterprise RAID Rebuilding Succeeds Where Consumer Arrays Fail?
- Linus Torvalds Rejects MMC Subsystem Updates for Linux 7.0: “Complete Garbage”
- The Man Who Maintained Sudo for 30 Years Now Struggles to Fund the Work That Powers Millions of Servers
- How Close Are Quantum Computers to Breaking RSA-2048?
- Why Windows 10 Users Are Flocking to Zorin OS 18 Instead of Linux Mint?
- How to Prevent Ransomware Infection Risks?
- What is the best alternative to Microsoft Office?
Google Releases Update to Patch Android USB Driver Zero-Day Vulnerability Exploited by Spyware
Google has released a security update to fix a critical Android USB driver vulnerability that was exploited by Serbian authorities to deploy spyware.
The vulnerability allowed attackers to bypass Android lock screens and gain unauthorized access to devices, enabling them to install spyware for comprehensive surveillance.
Spyware Deployment via Zero-Day Exploit
Israeli digital intelligence firm Cellebrite provides intelligence gathering and forensic services to its clients. The company also supplies undisclosed zero-day vulnerabilities to facilitate spyware attacks on specific targets.
In December 2024, reports surfaced indicating that Serbia had procured and deployed vulnerabilities and corresponding spyware provided by Cellebrite and NSO Group. These exploits primarily targeted Android smartphones, enabling attackers to bypass lock screens and extract sensitive data.
Google’s Security Patch and Vulnerability Details
As part of its regular Android security update this month, Google patched the security flaw exploited by Cellebrite, which has been assigned the identifier CVE-2024-53104. Additionally, two other vulnerabilities, CVE-2024-53197 and CVE-2024-50302, were patched upstream in the Linux Kernel but have yet to be integrated into the Android Open Source Project (AOSP).
Overview of CVE-2024-53104
This vulnerability primarily affects USB class drivers in the Linux Kernel. It allows entities with physical access—such as Cellebrite’s clients, including Serbian authorities—to bypass Android’s lock screen and gain device access.
Since the flaw exists within the upstream Linux Kernel, it is not limited to Android. Any Linux-based system, including embedded Linux devices, is potentially vulnerable. However, there is currently no evidence suggesting that attackers have exploited this vulnerability against non-Android devices. High-value vulnerabilities like this are often used selectively to avoid detection by security researchers.
Exploitation Methodology
To exploit this vulnerability, an attacker must have physical access to the target device. Using specialized software, they can install spyware, which can then harvest various types of data from the device, including real-time location tracking and live surveillance capabilities.
As part of the attack, the target device’s USB port is initially connected to different peripheral devices. These devices repeatedly establish and disconnect connections to trigger the vulnerability, which leads to kernel memory leaks. The attackers then modify kernel memory as part of the exploitation process.
The USB peripherals used in the attack may include specially designed devices that simulate video or audio input connections to the target device. Once the vulnerability is successfully triggered and access is gained, attackers can install unknown software—namely, spyware—onto the unlocked device.
