Researchers find vulnerability in Android which attack hides
Researchers from the Georgia Institute of Technology have found a new vulnerability discovered in Android. With the so-called Cloak & Dagger is an attack hidden for the user.
Through the vulnerability could allow a malicious application, the user interface and eventually the entire phone to take over, warn the researchers on their website. It does this by two permissions of the user, namely “System Alert Window” and “Bind Accessibility Service”.
If the app is on Google Play is downloaded it is not necessary, however, to the permission to grant the permissions to use. There is no warning in the picture. After the download, is it possible to unlock the phone, keys and pin codes to store and tokens for tweestapsauthenticatie to steal.
The user has nothing, because the permissions make it possible to have a different screen to show. The scientists installed the malware during an investigation under twenty people. No single participant was found to have what was happening.
The researchers explained Google in August 2016. After months of communicating suggested Google, however, that it is not a security issue and that the features are working properly. There is no solution for the problem. Therefore, researchers decided now to show the vulnerability to the outside. The scientists recommend users to check which apps have the permissions.