Skip to Content
© Kuprevich |
Security & privacy

Update your Android now! Critical threat puts passwords at risk

Android just can’t catch a break these days. Not only does the embattled operating system have to deal with the constant threat of hostile apps and malware, but it’s now facing a critical security flaw unlike any before it.

No, this one wasn’t caused by a breach in the Google Play Store or a malicious app masquerading as a normal one, but we don’t blame you for thinking otherwise. Issues like those have become all-too-common for Android users. Tap or click here to see what the last bad batch of malicious apps on Google Play did.

This new security flaw, on the other hand, is something wrong with Android itself. Every Android device running version 9 or lower now runs the risk of their phone getting hijacked and their passwords stolen. If your phone is running an older version of Android, here’s why you want to update it immediately.

The danger lies within

A dangerous new security flaw in older editions of Android puts your most sensitive passwords squarely in the hands of hackers and cybercriminals.

Dubbed “Strandhogg 2.0” by its discoverers at Norwegian security firm Promon, this bug mirrors an earlier glitch found six months earlier. But despite their similar modes of attack, this one is worse enough for Promon to describe it as “Strandhogg’s evil twin.” Yikes. Tap or click here to see what Strandhog 1.0 was capable of.

Strandhogg 2.0 exists as an issue with Android’s multitasking system, which allows for multiple apps to be opened at once and switched between. In order to be affected, vulnerable phones would have to download a specially designed malicious app.

To take advantage of the flaw, the malicious app would need to inject its code and use the multitasker to make it look like you’re still in the app you were using previously. This allows for the use of dangerous tricks like fake login screens, which can be harnessed to steal usernames and passwords.

To make matters worse, nearly every phone running older versions of Android appears to be affected by the bug. Version 10 does not appear to suffer the same risks, and Google is remaining mum on the issue to not reveal its hand to enterprising hackers. Promon, to its credit, will also hold off on releasing more details until Google gives the okay.

How can I protect my device against this bug

Thankfully, Google representatives have said that there is no evidence of the glitch being exploited in the wild as of yet. This means you can put aside any fears that you may have already been compromised.

But to protect your system, Google is recommending all users of Android version 9 and lower take the time to update their operating system. The latest Android security updates include new definitions for Google Play Protect, a stock app-screening service that can block apps exploiting the Strandhogg 2.0 vulnerability.

Here’s how you can update Android, as well as install the latest security settings for your device.

  1. Open your phone’s Settings app.
  2. Near the bottom, tap System, followed by Advanced. Then, tap System update.
  3. You’ll see the update status. Follow any steps on the screen.
  4. Once your device is up-to-date, open Settings again and tap Security.
  5. To check if a security update is available, tap Security update.
  6. To check if a Google Play system update is available, tap Google Play system update.
  7. Follow any steps that appear onscreen to complete the process.

As bad as the constant deluge of malicious apps and security flaws are for Android users, we can at least rest easy that Google takes them seriously enough to release patches rather quickly.

This pales in comparison to some major tech companies that let users flounder until the next update is released. Well, one, in particular, that is. Tap or click here to see how the latest Windows update caused a number of problems for users.

As with any Android issue, you’ll always be safest if you stick to well-known, reliable apps for your utility and entertainment needs. Otherwise, you may be inviting something dangerous into your phone without realizing it. And even if Google releases a fix in only a few days, that time when your phone is vulnerable can make all the difference.

Tech smarts in 2 minutes a day

Get my Daily Tech Update and the Digital Life Hack. Just one minute each and arm you with the tech knowledge you need to impress your boss and friends with how smart you are.