In early February 2025, Google’s Android Security Bulletin disclosed a critical zero-day vulnerability affecting over a billion Android devices. This high-severity flaw, tracked as CVE-2024-53104, was actively exploited at the time of disclosure, highlighting the urgent need for users to update their devices.
This vulnerability, identified as an out-of-bound write in the USB Video Class (UVC) driver, resides at the kernel level. This means the exploit impacts a vast majority of Android devices, regardless of manufacturer. Google’s release note acknowledges indications of limited, targeted exploitation of CVE-2024-53104. Researchers at Amnesty International first reported the vulnerability.
The Scope of the Vulnerability and Its Exploitation
The attack vector for this vulnerability is a USB interface. Exploiting zero-day vulnerabilities within the Linux kernel’s USB drivers enables malicious actors to bypass Android’s lock screen protection. Through a USB connection, unauthorized individuals can gain deep-level privileged access to a device.
Cellebrite UFED device.A Cellebrite UFED device, used for extracting data from smartphones. Cellebrite
Amnesty International reported the use of a Cellebrite UFED kit by law enforcement to unlock and access data on a Serbian student activist’s Samsung Galaxy A32 phone without consent or notification. This incident raises significant concerns about the potential for abuse of such tools.
The Implications of Cellebrite’s Involvement
Cellebrite provides forensic analysis tools to law enforcement and federal agencies globally. These tools, while intended for legitimate investigations, can be misused for surveillance and targeting of individuals. Amnesty International’s report emphasizes the urgent need for Android vendors to strengthen security measures against unauthorized access via USB connections to locked devices.
This isn’t the first time Cellebrite has faced scrutiny. In 2019, the company claimed its Universal Forensic Extraction Device could unlock any Android or Apple device. This claim sparked ethical concerns about potential misuse by authorities for surveillance and harassment of journalists, activists, and whistleblowers.
Addressing the Vulnerability and Future Security
Two additional kernel-level vulnerabilities, CVE-2024-53197 and CVE-2024-50302, were also addressed in the February security update. However, these vulnerabilities haven’t yet received full OS-level patches from Google.
A few months prior, Apple enhanced security protocols in its iOS 18.1 update to mitigate unauthorized access to locked iPhones. This proactive approach underscores the ongoing need for operating system developers to address evolving security threats.
Conclusion: The Importance of Staying Updated
The discovery and exploitation of CVE-2024-53104 highlight the critical importance of keeping Android devices updated with the latest security patches. Users should prioritize installing updates promptly to protect themselves from potential attacks exploiting this and other vulnerabilities.
