Skip to main content

CLOAK AND DAGGER - NEW SECURITY BUG IN ANDROID 7.0-

how-to-hack-android-phone


Researchers have discovered a new attack, dubbed 'Cloak and Dagger', that works against all versions of Android, up to version 7.1.2.

Cloak and Dagger attack allows hackers to silently take full control of your device and steal private data, including keystrokes, chats, device PIN, online account passwords, OTP passcode, and contacts.

What's interesting about Cloak and Dagger attack?

The attack doesn't exploit any vulnerability in Android ecosystem; instead, it abuses a pair of legitimate app permissions that is being widely used in popular applications to access certain features on an Android device.

Researchers at Georgia Institute of Technology have discovered this attack, who successfully performed it on 20 people and none of them were able to detect any malicious activity.

Cloak and Dagger attacks utilise two basic Android permissions:

SYSTEM_ALERT_WINDOW ("draw on top")BIND_ACCESSIBILITY_SERVICE ("a11y")
The first permission, known as "draw on top," is a legitimate overlay feature that allows apps to overlap on a device's screen and top of other apps.

The second permission, known as "a11y," is designed to help disabled, blind and visually impaired users, allowing them to enter inputs using voice commands, or listen content using screen reader feature.

Scary Things Hackers Can Do to Your Android (Demo)

Since the attack does not require any malicious code to perform the trojanized tasks, it becomes easier for hackers to develop and submit a malicious app to Google Play Store without detection.

Unfortunately, it’s a known fact that the security mechanisms used by Google are not enough to keep all malware out of its app market.

If you are following regular security updates from The Hacker News, you must be better aware of frequent headlines like, "hundreds of apps infected with adware targeting play store users," and "ransomware apps found on play store."

Just last month, researchers uncovered several Android apps masqueraded as an innocent "Funny Videos" app on Play Store with over 5,000 downloads but distributed the 'BankBot banking Trojan' that steal victims' banking passwords.

Here's what the researchers explained how they got on the Google Play Store to perform Cloak & Dagger attacks:

"In particular, we submitted an app requiring these two permissions and containing a non-obfuscated functionality to download and execute arbitrary code (attempting to simulate a clearly malicious behavior): this app got approved after just a few hours (and it is still available on the Google Play Store)." researchers say.


Once installed, the researchers say the attacker can perform various malicious activities including:

Advanced clickjacking attackUnconstrained keystroke recordingStealthy phishing attackSilent installation of a God-mode app (with all permissions enabled)Silent phone unlocking and arbitrary actions (while keeping the screen off)
In short, the attackers can secretly take over your Android device and spy on your every activity you do on your phone.

Google cant fix It, At Least Not So Fast

University researchers have already disclosed this new attack vector to Google but noted that since the issue resides in the way Android OS has been designed, involving two of its standard features that behave as intended, the problem could be difficult to resolve.

"Changing a feature is not like fixing a bug," said Yanick Fratantonio, the paper's first author. "System designers will now have to think more about how seemingly unrelated features could interact. Features do not operate separately on the device."


As we reported earlier, Google gives "SYSTEM_ALERT_WINDOW" ("draw on top") permission to all applications directly installed from the official Google Play Store since Android Marshmallow (version 6), launched in October 2015.

This feature that lets malicious apps hijack a device's screen is one of the most widely exploited methods used by cyber criminals and hackers to trick unwitting Android users into falling victims for malware and phishing scams.

However, Google has planned to change its policy in 'Android O,' which is scheduled for release in the 3rd quarter this year.

So, users need to wait for a long, long time, as millions of users are still waiting for Android Nougat (N) from their device manufacturers (OEMs).

In other words, the majority of smartphone users will continue to be victimised by ransomware, adware and banking Trojans at least for next one year.

Temporary Mitigation

The easiest way to disable the Cloak and Dagger attacks in Android 7.1.2 is to turn off the "draw on top" permission by heading on to:

Settings → Apps → Gear symbol → Special access → Draw over other apps.

The universal and easiest way to avoid being hacked is always to download apps from Google Play Store, but only from trusted and verified developers.

You are also advised to check app permissions before installing apps. If any app is asking more than what it is meant for, just do not install it.


Source : The Hacker News

Labels:

Comments

Post a Comment

Popular posts from this blog

SNIFF GSM USING HACKRFX

​TOOLS  USED: •  ha ckrf_kali • brategnuradio-companion • gr-gsmgqrx • wireshark INSTALL REQUIREMENTS: First thing, you want to make sure you have all the required software installed, you can install most of them and their dependencies using your distribution package manager. Let’s start with the libraries and tools for the hackrf itself, on a Debian/Ubuntu distro you’ll install them like so: sudo  apt-get install  hackrf   libhackrf -dev libhackrf0 Once these libraries are installed, you can plug your hackrf into one of your USB ports and execute the  hackrf_info  command, at this point you should see something like the following: # hackrf_info Found  HackRF  board. Board ID Number: 2 ( HackRF  One) Firmware Version: 2014.08.1 Part ID Number: 0x00574746 0x00574746 Serial Number: 0x00000000 0x00000000 0x14d463dc 0x2f4339e1 You will now install  gnuradio  which is the software we’ll use to decode the RF signals,  gqrx  a tool to visualize signal power on certain frequencies
Post a Comment
Read more

MORE ABOUT RANSOMWARES. PART 1

 Not long ago, a man committed suicide after an automatically generated notice from a computer virus threatened him with jail unless he paid a ransom thousands of dollars. The year was 2014. As incredible as the story seems, it marked the first known time a computer virus actually killed somebody. The next generations stole cash from users around the globe, and Cryptolocker raised the stakes – holding data of hundreds of thousands of users hostage. Despite successive short-lived take downs, the malware has made a comeback as CTB (Curve-Tor-Bitcoin) Locker. This challenging breed of malware is continuously improving, reaching new levels of complexity as smartphones and tablets are increasingly used to store crucial personal and enterprise-level documents. Bitdefender, the anti-malware solutions provider, zooms in on the subject to show how this type of virus works and to tell users how to prevent being locked out and extorted. What is ransomware? Ransomware is a type of malware th
Post a Comment
Read more

TERMINAL ON ANDROID- TERMUX

Let Termux be our topic today. It is an Android application which is a Terminal Emulator distributed by Fredrik Fornwall. It creates exactly the same working environment of Linux Terminal on Android. Take a try. It can be installed from Google Play Store. Navigate from here . After the environment is set, go to App settings from the System Settings and give the App Storage permission.  Basic linux command like cd, ls, pwd, cat, touch and many more or almost all can be made here on this prompt. To install packages like Python or Pip type in packages install <packageName> It's that simple.  Similarly, to execute a program or a package, type <packageName> then, the corresponding help will be appear. Rest is with you. This is how an installation screen appears to be.. Now, about storage. As the initial step, type in termux-setup-storage Typing pwd gives the current working directory and it will be something like /data/data/com.termux/files/
Post a Comment
Read more