New Android Vulnerability Affects Everything on the Device




Following Stagefright, another worrying Android vulnerability has been uncovered by researchers. The security flaw can be exploited by taking advantage of the operating system’s multitasking functionality, giving hackers access to every part of the device. “The enabled attacks can affect all latest Android versions and all apps (including the most privileged system apps) installed on the system,” Chuangang Ren, security researcher from Penn State University, warned.

The researchers from Penn State who discovered the Android vulnerability presented a paper on it at the USENIX Security 15 conference in Washington DC last week. It explained:

Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization. However, the security implications of Android multitasking remain under-investigated.

With a systematic study of the complex task dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilising the task hijacking attack surface to implement UI spoofing, denial-of-service and user-monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities.

We have collected and analyzed over 6.8 million apps from various Android markets. Our analysis shows that the task hijacking risk is prevalent. Since many apps depend on the current multitasking design, defeating task hijacking is not easy.

The research team has notified Android about the vulnerability. Neither they nor Google – or Alphabet, as the parent company is now known – has commented on the findings of the paper.

UPDATE – 24th September, 2015:

Matt Penny from Google’s press office has issued the following statement:

“We appreciate this theoretical research as it makes Android’s security stronger. Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features. Based on our research, fewer than 1% of Android devices had a Potentially Harmful App (PHA) installed in 2014, and fewer than 0.15% of devices that only install from Google Play had a PHA installed.”

Thank you The Register for providing us with this information.

Image courtesy of Hacoder.
