Researchers at the Georgia Institute of Technology have discovered a new class of Android vulnerability. Dubbed ‘Cloak and Dagger’, the attacks affect Android devices including the latest version of Nougat (7.1.2). According to the researchers, a malicious app can completely control the UI feedback loop and take over the device without giving the user a chance to notice the malicious activity.
The attacks abuse two Android capabilities: the BIND_ACCESSIBILITY_SERVICE (“a11y”) permission and the SYSTEM_ALERT_WINDOW (“draw on top”) permission. If the app is installed from the Play Store, SYSTEM_ALERT_WINDOW is granted automatically and the user is never shown a permission prompt, so the attack can succeed without the user knowingly granting any permission. According to the Georgia Tech team, the attacks range from capturing passwords to extracting contacts.
The researchers reported the attack method to Google; in the wild it would be hidden within pirated or otherwise malicious apps.
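The overlay half of the attack relies on a sensitive view accepting a touch that has passed through another app's window. As an added example, not code from the Georgia Tech researchers or from the article, the following shows the defensive check an Android developer can put on a password field, plus a pair of device-side checks for the two capabilities the attack chains together. The class names `ObscuredAwareEditText` and `OverlayRiskCheck` are illustrative assumptions; the framework APIs (`setFilterTouchesWhenObscured`, `MotionEvent.FLAG_WINDOW_IS_OBSCURED`, `Settings.canDrawOverlays`, `AccessibilityManager.getEnabledAccessibilityServiceList`) are real.

```java
// Added example, not from the paper or the article. Class names are assumptions.
import android.accessibilityservice.AccessibilityServiceInfo;
import android.content.Context;
import android.provider.Settings;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.view.View;
import android.view.accessibility.AccessibilityManager;
import android.widget.EditText;

import java.util.List;

/** Password field that discards touches delivered through an overlay window. */
public class ObscuredAwareEditText extends EditText {
    private static final String TAG = "ObscuredAwareEditText";

    public ObscuredAwareEditText(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Ask the framework to drop touches that arrived through another
        // window, i.e. a "draw on top" overlay sitting above this view.
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        // The framework sets this flag when the touch passed through a window
        // owned by another app before reaching this view.
        if ((event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
            Log.w(TAG, "Dropping touch: view is obscured by another app's window");
            return false; // touch is discarded, no text is entered
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}

/** Device-side checks for the two capabilities the attack abuses (API 23+). */
final class OverlayRiskCheck {
    private OverlayRiskCheck() {}

    /** True when this app itself holds SYSTEM_ALERT_WINDOW. */
    static boolean canThisAppDrawOverlays(Context ctx) {
        return Settings.canDrawOverlays(ctx);
    }

    /**
     * Accessibility services the user has enabled. Anything not from a known
     * accessibility vendor deserves a look: an enabled service can read the
     * screen and inject input on the user's behalf.
     */
    static List<AccessibilityServiceInfo> enabledAccessibilityServices(Context ctx) {
        AccessibilityManager am =
                (AccessibilityManager) ctx.getSystemService(Context.ACCESSIBILITY_SERVICE);
        return am.getEnabledAccessibilityServiceList(
                AccessibilityServiceInfo.FEEDBACK_ALL_MASK);
    }
}
```

Two caveats. `FLAG_WINDOW_IS_OBSCURED` is only set when the touch point itself passes through another window, so an overlay arranged to leave the touched pixel uncovered is not caught by this check; it raises the bar against simple tapjacking rather than defeating the full attack. And an app can only query its own overlay permission this way; auditing which other packages hold SYSTEM_ALERT_WINDOW requires `adb shell dumpsys package` or the device's "Display over other apps" settings screen.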
Winston Bond, EMEA technical director at application security outfit Arxan Technologies, told The Register: “The discovery of the latest ‘cloak and dagger’ threat facing Android devices demonstrates just how dangerous corrupted or malicious fake applications can be.
“Users have traditionally been told they will be safe as long as they only download apps from official sources and don’t pirate software, but we have increasingly seen cases of malicious apps being downloaded from within app stores or official websites.
“Developers can no longer rely on the ‘walled garden’ approach of app stores to protect their users from malicious copies of their apps, and need to proactively defend their software from criminals seeking to tamper with its code and turn it into a weapon.”