Beware! All Versions of Android Vulnerable to Extremely Dangerous Full Devices Takeover Attacks
By Prempal Singh
Experts have uncovered a new attack, dubbed ‘Cloak and Dagger’, that works against all versions of Android os, up to version 7.1.2.
Cloak and Dagger attack allows hackers to silently take full control of your device and steal private information, including keystrokes, chats, device PIN number, online account passwords, OTP passcode, and contacts.
Exactly what is interesting about Cloak and Dagger attack?
The assault doesn’t exploit any susceptibility in Android ecosystem instead, it abuses a set of genuine software permissions that is being widely used in popular applications to gain access to certain features on an Android device.
Researchers at Georgia Institute of Technology have uncovered this assault, who successfully performed it on 20 people and none of them were able to discover any malicious activity.
Cloak and Dagger attacks utilize two basic Android permissions:
- SYSTEM_ALERT_WINDOW (“draw on top”)
- BIND_ACCESSIBILITY_SERVICE (“a11y”)
The first authorization, known as “draw on top, ” is the best overlay feature that allows software to terms overlap on a device’s display screen and top of other apps.
The second authorization, known as “a11y, designed to help disabled, blind and creatively impaired users, allowing them to enter inputs using voice commands, or listed commands content using screen visitor feature.
Scary Things Cyber criminals Can Do to The Android (Demo)
Since the attack will not require any malicious code to perform the romanized tasks, it becomes easier for cyber criminals to develop and post a malicious software to Google Play Store without detection.
Unfortunately, it’s a known reality the security mechanisms employed by Google are not enough to keep all malware out of its software market.
In case you are following regular security improvements from The Hacker Information, you must be better aware of frequent statements like, “hundreds of software infected with adware focusing on play store users, and “ransomware software found on play store.
Just last month, experts uncovered several Android software masqueraded as a simple “Funny Videos” software on Play Store with over 5, 000 downloads but distributed the ‘BankBot financial Trojan’ that steal victims’ banking passwords.Here’s what the researchers explained how they got on the Google Play Store to perform Cloak & Dagger attacks:
Here’s what the researchers explained how they got on the Google Play Store to perform Cloak & Dagger attacks:
“In particular, we submitted a software demanding these two permissions and containing a non-obfuscated feature to download and perform arbitrary code (attempting to simulate an evidently malicious behavior). This software got approved after simply a few several hours (and it is still available on the GooglePlay Store). ” experts say.
Once installed, the researchers say the opponent can perform various harmful activities including:
- Advanced clickjacking attack
Unconstrained keystroke saving
Stealthy phishing assault
Noiseless installation of a God-mode software (with all accord enabled)
Silent phone area code and arbitrary actions (while keeping the screen off)
In a nutshell, the attackers can secretly take over your Android device and spot on your every activity you do on your phone.
Researchers have also provided the video presentations of a number of Cloak and Dagger attacks, which will blow your mind.
Google Can’t Fix This, At Least Not So Fast
University researchers have already disclosed the brand new attack vector to Google but noted that because the issue resides in the way Android OS has been designed, including two of its standard features that behave as intended, the challenge could be hard to resolve.
“Changing a feature is not like fixing a bug, said Yanick Fratantonio, the paper’s first author. “System designers will now have to think more about how precisely seemingly unrelated features could interact. Features do not operate separately on the device.
As we reported earlier, Google presents “SYSTEM_ALERT_WINDOW” (“draw on top”) permission to all applications directly installed from the required Google Play Store since Android Marshmallow (version 6), launched in October 2015.
This feature that allows malicious software hijack a device’s screen is one of the most generally exploited methods employed by internet criminals and hackers to trick unwitting Android users into falling victims for malware and phishing scams.
However, Google has organized to change its plan in ‘Android O, ‘ which is scheduled for release in the next quarter this year.
Therefore, users need to wait around for a lengthy, long time, as millions of users are still waiting for Android Nougat (N) from their device manufacturers (OEMs).
In other words, the majority of smartphone users will continue to be victimized by ransomware, malware and banking Trojans at least for next one year.
Temporary Minimization
The easiest way to deactivate the Cloak and Dagger attacks in Android 7. 1. 2 is to turn off the “draw on top” permission by heading on to:
settings-> Apps -> Gear symbol -> Special access -> Draw over other apps.
The universal and simplest way to avoid being hacked is always to download software from Google Play Store, but only from trusted and validated developers.
You are also advised to check software permissions before installing applications. If any software is asking more than what it is meant for, just do not install it.
Source: thehackernews.com