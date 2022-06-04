Smartphones have become the device par excellence for millions of people around the world thanks to the tools they offer, both to perform a wide variety of tasks and to facilitate communication with other people in our city and around the world.

It is due to this fact that many hackers consider smartphones to be the ideal means of accessing users’ personal information.

That is why security companies, being aware of this, are always working on the development of solutions that help neutralize any attack targeted at mobile devices.

One of them is Microsoft, which recently carried out an operation under which corrected a severe vulnerability that was compromising the security of a large number of Android phones, specifically, a problem present in the design of the pre-installed self-diagnostic framework from MCE Systems.

This framework in question is integrated into a large number of system applications as a self-diagnosis tool, which can usually be found in the Play Store.

At the time of being discovered by Microsoft, the vulnerability had made its way through the automated Google security checks. The company later added this anomaly to its checklist after being alerted by Microsoft.

Taking into account the wide presence that this framework has as it is part of the system’s pre-installed applications, the permissions it has are numerous, which gives it the control of the phone almost completely. This should not be a problem since only the privileged application of the system is the one that maintains direct interaction with the framework.

However, Microsoft found that the design of this element offered any experienced attacker the opportunity to implant a persistent backdoor to go unnoticed and thus be able to incognito monitor its target or exercise control of the device through insecure JavaScript-based injections.

As a solution to this irregularity in the framework, MCE Systems carried out the implementation of a different software.

Also, it was detected that Google has a APIs on Android 5 and higher which can be very useful to correct the vulnerability, thus being adopted by MCE Systems to run it on devices that present compatibility, so that in the course of these days the 98% of devices have been updated to a version of Android with the improvements already made.