Following Stagefright, another worrying Android vulnerability has been uncovered by researchers. The security flaw can be exploited by taking advantage of the operating system’s multitasking functionality, giving hackers access to every part of the device. “The enabled attacks can affect all latest Android versions and all apps (including the most privileged system apps) installed on the system,” Chuangang Ren, security researcher from Penn State University, warned.
The researchers from Penn State who discovered the Android Vulnerability presented a paper on it at the USENIX Security 15 conference in Washington DC last week. It explained:
Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization. However, the security implications of Android multitasking remain under-investigated.
With a systematic study of the complex task dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilising the task hijacking attack surface to implement UI spoofing, denial-of-service and user-monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities.
We have collected and analyzed over 6.8 million apps from various Android markets. Our analysis shows that the task hijacking risk is prevalent. Since many apps depend on the current multitasking design, defeating task hijacking is not easy.
The research team has notified Android about the vulnerability. Neither them nor Google – or Alphabet, as the parent company is now known – has commented on the findings of the paper.
UPDATE – 24th September, 2015:
Matt Penny from Google’s press office has issued the following statement:
“We appreciate this theoretical research as it makes Android’s security stronger. Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features. Based on our research, fewer than 1% of Android devices had a Potentially Harmful App (PHA) installed in 2014, and fewer than 0.15% of devices that only install from Google Play had a PHA installed.”
Thank you The Register for providing us with this information.
Image courtesy of Hacoder.
LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…
The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…
【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…
FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…
The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…
【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…