More than a billion Android devices were at risk due to critical vulnerability -


Post Top Ad

Post Top Ad

Monday, 29 May 2017

More than a billion Android devices were at risk due to critical vulnerability

Researchers at the Georgia Institute of Technology and the University of California at Santa Barbara discovered a new class of attacks on Android-smartphones, which is called Cloak and Dagger. It allows the fraudsters to carry out actions on the mobile device in secret of user: for example, to register the pulsations of the buttons and to install the application.

Experts have discovered a serious vulnerability affecting all versions of Android (Including the latest version of Android 7.1.2 Nougat). You are exposed to more than a billion devices worldwide. With the help of the Cloak and Dagger vulnerability, attackers can steal stored in the device's information by creating a malicious application that asks for only two permissions. The application simply needs access to BIND ACCESSIBILITY SERVICE ("a11y") and SYSTEM ALERT WINDOW (drawing from the top of other windows), and is able to record keystrokes and steal passwords and other sensitive data.

Forcing the user to provide malicious software requested access is not always easy, but in the arsenal of very sophisticated cybercriminals techniques. As soon as the victim has given the application the aforementioned permissions, the attackers may imperceptibly for it, download malware, steal information and gain control over the device.

According to the researchers, the vulnerability allows for all sorts of serious attacks, ranging from the hijacking of passwords and PIN codes and even imperceptible to install applications that run in the "god mode", and the victim will not even know.

Google has taken relevant steps to improve the security of its mobile operating system immediately after receiving the message of vulnerability. "We've updated Google Play Protect (our security service for all Android devices with Google Play) to detect and prevent the installation of similar applications," the company said.

It is expected that the Cloak and Dagger vulnerability patch will be released with the release of the following routine updates for Android. However, taking into account the fact that between the exit of the update and the final obtaining of the users goes through a great period, the vulnerability poses a serious threat to security.

No comments:

Post a Comment

Post Top Ad