New Android Vulnerability Affects Everything on the Device

Following Stagefright, another worrying Android vulnerability has been uncovered by researchers. The security flaw can be exploited by taking advantage of the operating system’s multitasking functionality, giving hackers access to every part of the device. “The enabled attacks can affect all latest Android versions and all apps (including the most privileged system apps) installed on the system,” Chuangang Ren, security researcher from Penn State University, warned.

The Penn State researchers who discovered the Android vulnerability presented a paper on it at the USENIX Security 15 conference in Washington DC last week. It explained:

Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization. However, the security implications of Android multitasking remain under-investigated.

With a systematic study of the complex task dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilising the task hijacking attack surface to implement UI spoofing, denial-of-service and user-monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities.

We have collected and analyzed over 6.8 million apps from various Android markets. Our analysis shows that the task hijacking risk is prevalent. Since many apps depend on the current multitasking design, defeating task hijacking is not easy.

The research team has notified Android about the vulnerability. Neither they nor Google – or Alphabet, as the parent company is now known – has commented on the findings of the paper.

UPDATE – 24th September, 2015:

Matt Penny from Google’s press office has issued the following statement:

“We appreciate this theoretical research as it makes Android’s security stronger. Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features. Based on our research, fewer than 1% of Android devices had a Potentially Harmful App (PHA) installed in 2014, and fewer than 0.15% of devices that only install from Google Play had a PHA installed.”

Thank you to The Register for providing us with this information.

Image courtesy of Hacoder.

Ashley Allen
