The other two flaws have not been announced as fixed in any Android security update bulletins yet, and depending on the device model and how often manufacturers update its kernel, it might take a while. However, users can still mitigate the threat by turning off USB debugging (ADB), setting the cable connectivity mode to "Charge Only," and enabling Full Disk Encryption (Settings → Security & privacy → More security & privacy → Encryption & credentials → Encrypt phone). After Amnesty shared its findings with Google's Threat Analysis Group (TAG), Google's researchers were able to pinpoint three vulnerabilities in the Linux kernel USB drivers, also used in Android, that were exploited as zero-days. Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. The use of this Android exploit was found by Amnesty International's Security Lab in mid-2024 during forensic research on the logs of the impacted device. In April 2024, Google fixed two zero-day flaws (CVE-2024-29745 and CVE-2024-29748) forensic firms exploited to unlock phones without a PIN, implementing memory zeroing before USB is enabled. Cellebrite is an Israeli digital forensics company that develops tools used by law enforcement, intelligence agencies, and private companies to extract data from smartphones and other digital devices. Earlier this month, Apple fixed a zero day (CVE-2025-24200) Cellebrite and GrayKey leveraged for bypassing USB Restricted Mode to extract data from iPhones. Head of Security Lab at Amnesty, Donncha O'Cearbhaill, told BleepingComputer that patching CVE-2024-53104 might be enough to disrupt the whole exploitation chain, although they cannot be certain about it yet. GrapheneOS told BleepingComputer that their Android distribution already has patches for CVE-2024-53197 and CVE-2024-50302 because they regularly update the latest Linux kernel. USB exploits commonly take advantage of vulnerabilities in a device's USB system, such as the drivers, firmware, or kernel components, to gain unauthorized access or control over the system. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Companies like Cellebrite commonly utilize zero-day exploits to access and extract data usually protected on locked phones. In response to the revelations, Cellebrite announced it blocked access to its tools for the country's security services (BIA) earlier this week. BleepingComputer asked Google when fixes for the two flaws would become available to all Android users, but we are still awaiting a response.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 28 Feb 2025 16:30:14 +0000