Skip to main content
  1. Home
  2. Phones
  3. Mobile
  4. News

Google quietly fixed USB flaw that left over a billion Android devices exposed

Add as a preferred source on Google
Official Android mascot and splash screen on a phone.
Denny Müller / Unsplash

In the first week of February, Google published its usual Android Security Bulletin, detailing security flaws that have been plugged to strengthen the platform safety. These flaws are usually declared once they have been fixed, except in special circumstances.

February is one of those rare situations for a kernel-level, high-severity flaw that was still being actively exploited at the time of the bulletin’s release. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation,” says the release note.

Recommended Videos

The flaw was first reported by experts at Amnesty International, which describes it as an “out-of-bound write in the USB Video Class (UVC) driver.” The researchers add that since it’s a kernel-level exploit, it impacts overs over a billion Android devices, irrespective of the brand label.

Since it’s a zero-day exploit, only the attackers know of its existence, unless security experts sense its presence, develop a fix with the platform’s team, and then widely release it for all affected devices. Two other vulnerabilities, CVE-2024-53197 and CVE-2024-50302, have been fixed at the kernel-level, but haven’t been completely patched at an OS-level by Google

The impact pool is vast

The pool of affected devices is the Android ecosystem, while the attack vector is a USB interface. Specifically, we are talking about zero-day exploits in the Linux kernel USB drivers, which allows a bad actor to bypass the Lock Screen protection and gain deep-level privileged access to a phone via a USB connection.

Cellebrite UFED device.
A Cellebrite device used that is used to extract data from smartphones. Cellebrite

In this case, a tool offered by Cellebrite was reportedly used to unlock the phone of a Serbian student activist and gain access to data stored on it. Specifically, a Cellebrite UFED kit was deployed by law enforcement officials on the student activist’s phone, without informing them about it or taking their explicit consent.

Amnesty says the usage of a tool like Cellebrite — which has been abused to target journalists and activists widely — was not legally sanctioned. The phone in question was a Samsung Galaxy A32, while the Cellebrite device was able to break past its Lock Screen protection and gain root access.

“Android vendors must urgently strengthen defensive security features to mitigate threats from untrusted USB connections to locked devices,” says Amnesty’s report. This won’t be the first time that the name Cellebrite has appeared in the news.

Update your Android smartphone. ASAP!

The company sells its forensic analysis tools to law enforcement and federal agencies in the US, and multiple other countries, letting them brute-force their way into devices and extract critical information.

In 2019, Cellebrite claimed that it could unlock any Android or Apple device using its Universal Forensic Extraction Device. However, it has also raised ethical concerns and privacy alarms about unfair usage by authorities for surveillance, harassment, and targeting of whistleblowers, journalists, and activists.

A few months ago, Apple also quietly tightened the security protocols with iOS 18.1 update, with the intention of blocking unauthorized access to locked smartphones and preventing exfiltration of sensitive information.

Nadeem Sarwar
Nadeem is the Managing Editor at Digital Trends.
Google’s next Gemini upgrade might not arrive as soon as expected
Even Google's AI needs more time to finish its homework
google-gemini-ai-news-accuracy

Google helped kickstart the modern AI race, but staying ahead has turned out to be far more difficult than joining it. According to a new Bloomberg report, the company has fallen months behind its internal schedule for launching Gemini 3.5 Pro, its next flagship AI model, as engineers continue working to improve one of its biggest weaknesses: coding.

The delay isn't simply about polishing another chatbot. It highlights a broader problem facing Google, where massive engineering teams, multiple product divisions and increasingly strict AI safety requirements are slowing the company's ability to respond to rivals that seem happy to move much faster.

Read more
The iPhone 18 Pro Max camera could open and close like a real lens for better portraits
A leaked factory log just spoiled the iPhone 18 Pro Max’s best camera upgrade
iphone 18 pro

Apple’s next flagship camera may learn how to open and close its eye. A diagnostic log reportedly connected to the iPhone 18 Pro Max contains calibration data for a variable-aperture main camera, according to Notebookcheck.

The internal document was found among files allegedly stolen from Apple supplier Tata Electronics and released by the World Leaks ransomware group. Apple has neither verified the material nor commented on the report. And of course, Apple has neither verified the material nor commented on the report.

Read more
Messi or Ronaldo? Caviar made football’s greatest rivalry an expensive 24-karat choice
Football’s biggest debate just became Android vs iPhone
Samsung Galaxy Z Fold 8 Ultra and iPhone 17 Pro with 24-karat gold design with Ronaldo and Messi etching

Caviar has moved football’s greatest debate onto another fiercely contested battlefield. The Android versus iPhone discussion is getting more heated by adding Ronaldo and Messi to the mix. The luxury-device company's new Legends collection pairs Lionel Messi with a customized Samsung Galaxy Z Fold 8 Ultra, while Cristiano Ronaldo gets an iPhone 17 Pro and iPhone 17 Pro Max. Both designs use handcrafted cloisonné enamel and 24-karat gold plating, with prices starting at $18,382 for Messi’s foldable and $15,974 for Ronaldo’s iPhone.

Messi gets the foldable, Ronaldo gets the iPhone

Read more