Cloak & Dagger Android Exploit Runs Invisibly, Steals Passwords
A team of researchers from the Georgia Institute of Technology has created a proof of concept exploiting a series of vulnerabilities and design shortcomings in the Android UI that the team says can be used to steal passwords, or to install a “God-mode” app that gives hackers full permissions on the device.
In a research paper forwarded to Google – Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop – the team uncovers a new class of potential attacks affecting all Android devices, including versions 7.1.2 and below. The attacks abuse SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“accessibility”).
On a website dedicated to the discovery, the team shows on video how a malicious app bypassing Google Play Protect can end up on a user’s Android device and control the UI feedback loop, essentially taking over the device completely. The worst part? Users won’t notice any malicious behavior.
“These attacks only require two permissions that, in case the app is installed from the Play Store, the user does not need to explicitly grant and for which she is not even notified,” the team says. “Our user study indicates that these attacks are practical. These attacks affect all recent versions of Android (including the latest version, Android 7.1.2), and they are yet to be fixed.”
Attacks that abuse the “draw on top” permission include context-aware clickjacking and context hiding, luring the user into enabling accessibility for the attacker even with the latest security mechanisms in place. Also leveraging “draw on top” is the Invisible Grid Attack, which consists of unconstrained keystroke recording – essentially a keylogger that can be used to steal passwords or retrieve private information.
Attacks that abuse the “accessibility service” permission include security PIN stealing, device unlock through PIN injection, arbitrary actions with the screen switched off, stealing two-factor authentication tokens, ad hijacking and more.
Attacks that abuse both permissions include silent installation of an app that has all permissions enabled (also known as God-mode app) and stealthy phishing.
To defend against these attacks, users are advised to check which applications have access to the “draw on top” and accessibility permissions. As a rule of thumb, users should only download applications from developers they trust. Google has done its bit by updating its “bouncer” to keep such malicious apps out of Play Store.
“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer,” the Internet giant said in a statement. “We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward.”
Android O, to launch on Sept. 23, is the latest version of the company’s mobile operating system. In addition to these new safety measures, Android O packs an anti-ransomware mechanism.
Bitdefender’s Privacy Advisor feature, available with the Mobile Security & Antivirus app, notifies users of potentially malicious applications asking for permissions on the device.
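An added example, not part of the original article or the researchers' work: a sketch of the check advised above, flagging apps that hold “draw on top”, an enabled accessibility service, or both. It assumes each app's requested permissions and a colon-separated list of enabled `package/service` accessibility components have already been exported from the device; every package name and value below is constructed.

```python
# Added example: audit sketch. All package names and data below are constructed.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # the "draw on top" permission
SEVERITY = {"BOTH": 0, "ACCESSIBILITY": 1, "OVERLAY": 2}  # review priority


def enabled_accessibility_packages(setting_value):
    """Return package names from a colon-separated 'package/service' list."""
    packages = set()
    for component in (setting_value or "").split(":"):
        component = component.strip()
        if component and component != "null":  # assumed marker for an unset value
            packages.add(component.split("/", 1)[0])
    return packages


def audit(requested_permissions, accessibility_setting, trusted=frozenset()):
    """Map each untrusted package to BOTH / ACCESSIBILITY / OVERLAY, by priority."""
    a11y = enabled_accessibility_packages(accessibility_setting)
    findings = {}
    for pkg in set(requested_permissions) | a11y:
        if pkg in trusted:
            continue  # apps the reviewer has already vetted
        has_overlay = OVERLAY in requested_permissions.get(pkg, ())
        has_a11y = pkg in a11y
        if has_overlay and has_a11y:
            findings[pkg] = "BOTH"  # the pairing the article ties to "God-mode" installs
        elif has_a11y:
            findings[pkg] = "ACCESSIBILITY"
        elif has_overlay:
            findings[pkg] = "OVERLAY"
    return dict(sorted(findings.items(), key=lambda kv: (SEVERITY[kv[1]], kv[0])))


# Constructed inventory: package -> permissions requested in its manifest.
SAMPLE_PERMS = {
    "com.example.flashlight": [OVERLAY, "android.permission.CAMERA"],
    "com.example.chatheads": [OVERLAY],
    "com.example.reader": ["android.permission.INTERNET"],
    "com.example.notes": ["android.permission.INTERNET"],
    "com.vendor.screenreader": [OVERLAY],
}
# Constructed value in the 'package/service:package/service' form.
SAMPLE_A11Y = ("com.example.flashlight/com.example.flashlight.HelperService:"
               "com.example.reader/.TalkService:com.vendor.screenreader/.Reader")

if __name__ == "__main__":
    report = audit(SAMPLE_PERMS, SAMPLE_A11Y, trusted={"com.vendor.screenreader"})
    for package, finding in report.items():
        print(f"{finding:<14}{package}")
```

Apps reported as BOTH deserve review first, since the article attributes silent installation of an all-permissions app and stealthy phishing to that combination.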