
Friday, June 02, 2017
Cloak and Dagger Security Hole in Android Discovered

An unpatched vulnerability dubbed Cloak and Dagger applies to all versions of Android and allows malicious actors to steal data including passwords; install applications with a full set of permissions; and monitor what the user is interacting with or typing on a keyboard on any Android smartphone or tablet.

Demonstrated by employees of the Georgia Institute of Technology and the University of California, Santa Barbara, the attack uses an app from Google Play. Although the app asks the user for no specific permissions, the attackers obtain the rights to show the app's interface on top of other apps, visually blocking them, and to click buttons on behalf of the user without the user noticing anything suspicious.

According to the researchers, the attack is possible because users are not explicitly prompted to allow apps to access SYSTEM_ALERT_WINDOW functions when installing apps from Google Play, and permission to access ACCESSIBILITY_SERVICE (A11Y) is quite easy to obtain.

The first permission allows an app to overlay its interface on top of any other app, and the second one gives it access to a set of functions - Accessibility Service - for people with visual or hearing impairment. The latter can do a lot of different, even dangerous things, on a device by allowing an application both to monitor what happens in other apps and to interact with them on behalf of the user.

Essentially, attacks that use the first permission, SYSTEM_ALERT_WINDOW, overlay other apps with the attacker's own interface without prompting the user. Moreover, the overlay windows can have any shape, including shapes with holes, and they can either register a tap themselves or let it pass through so that the app window below registers it.

The second permission, Accessibility, was designed with good intentions: to make it easier for people with visual or hearing impairments to interact with Android devices. However, this feature gives such a large number of permissions to apps that it is more often used for different purposes - by apps that need to execute actions not usually allowed on Android.

For example, to read out loud what is happening on the screen for people with a visual impairment, an app with Accessibility access may obtain information such as: what app has been opened, what the user taps on, and when a notification pops up. This means that the app knows the entire context of what is happening. And that's not all. In addition to monitoring activities, the app can also perform various actions on behalf of the user.

All in all, Google is aware that the Accessibility permission gives applications the ability to do practically anything that one can think of on the device; therefore, it requires users to enable Accessibility for each individual application in a special menu in the settings section of a smartphone.

The problem is that by using the first permission, SYSTEM_ALERT_WINDOW, and by skillfully showing windows that overlap most of the screen (aside from the "OK" button), attackers can trick users into enabling Accessibility options, thinking that they are agreeing to something innocuous.

Then, because Accessibility can perceive context and act on behalf of users, which includes making purchases in the Google Play store, it becomes child's play for attackers to use Google Play to download a special spy app and give it any permissions they want. Moreover, they can do so even when the screen is off or, for example, while a video clip plays, blocking everything that is happening below it.

Accessing SYSTEM_ALERT_WINDOW and ACCESSIBILITY_SERVICE also allows fraudsters to perform phishing attacks without raising user suspicion.

For example, when a user opens the Facebook app and attempts to enter their login and password, another app with the Accessibility permissions may understand what's happening and interfere. Then, by making use of SYSTEM_ALERT_WINDOW and the ability to overlay other apps, the application may show the user a phishing window that looks just like Facebook's password prompt, into which the unsuspecting user will enter the login and password of his or her account.

In this case, the knowledge of context allows the developers to show the phishing screen at the right spot only when the user is going to enter the password. And from the user's point of view, the Facebook login worked as expected, so they won't have any reason to suspect that something has gone wrong.

The authors of the Cloak and Dagger research have tested the attack on the three most popular Android versions: Android 5, Android 6, and Android 7, which together account for 70% of all Android devices. It turns out that those versions are all vulnerable to the attack - and it's likely all previous versions are as well. In other words, if you have an Android device, it probably concerns you as well.

In order to protect yourself, you should try not to install unknown apps from Google Play and other stores, especially free apps. Legitimate apps will not attack you using Cloak and Dagger. Nevertheless, the question of how to tell a suspicious app from a harmless one remains open.

In addition, you should regularly check which permissions the apps on your device have and revoke unnecessary ones.
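One way to carry out that check, as an added example that is not part of the original article: the Python sketch below correlates the device's enabled accessibility services with the apps allowed to draw over other apps. It assumes the first input is the value of the secure setting `enabled_accessibility_services` (for instance from `adb shell settings get secure enabled_accessibility_services`) and the second is a list of package names copied from the "draw over other apps" settings screen; the function names, severity labels and sample packages are hypothetical.

```python
def enabled_a11y_services(setting_value):
    """Map package -> enabled service classes.
    The setting is a ':'-separated list of 'package/ServiceClass' entries."""
    services = {}
    value = (setting_value or "").strip()
    if value in ("", "null"):  # nothing enabled on this device
        return services
    for entry in value.split(":"):
        pkg, _, cls = entry.strip().partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def audit_device(a11y_setting, overlay_packages, trusted=()):
    """Return (package, level, services) for every app holding either capability,
    ranking apps that hold both highest, and skipping explicitly trusted packages."""
    a11y = enabled_a11y_services(a11y_setting)
    overlay = {p.strip() for p in overlay_packages if p.strip()}
    findings = []
    for pkg in sorted(set(a11y) | overlay):
        if pkg in trusted:
            continue
        if pkg in a11y and pkg in overlay:
            level = "HIGH: overlay + accessibility"
        elif pkg in a11y:
            level = "REVIEW: accessibility only"
        else:
            level = "REVIEW: overlay only"
        findings.append((pkg, level, a11y.get(pkg, [])))
    return findings

# Constructed sample inputs (hypothetical packages), not taken from a real device.
A11Y_SETTING = ("com.example.screenreader/.ReaderService:"
                "com.example.flashlight/.HelperService")
OVERLAY_PACKAGES = ["com.example.flashlight", "com.example.chatheads"]
TRUSTED = {"com.example.screenreader"}

if __name__ == "__main__":
    for pkg, level, services in audit_device(A11Y_SETTING, OVERLAY_PACKAGES, TRUSTED):
        print(f"{level:32} {pkg} {services}")
```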


CDRINFO.COM 1998-2018 - All rights reserved