Researchers at Georgia Institute of Technology and the University of California, Santa Barbara have discovered a new class of attacks on Android smartphones, called Cloak and Dagger. It allows fraudsters to carry out actions on a mobile device without the user's knowledge: for example, to record button presses and install applications.
Experts have discovered a serious vulnerability affecting all versions of Android OS (including the latest version, Android 7.1.2 Nougat). It affects more than a billion devices around the world. Using the Cloak and Dagger vulnerability, attackers can steal data stored on the device by creating a malicious application that requires only two permissions. The application needs only BIND_ACCESSIBILITY_SERVICE (“a11y”) and SYSTEM_ALERT_WINDOW (drawing on top of other windows), and it can then record keystrokes on the keyboard and steal passwords and other confidential data.
Getting the user to grant the malware the requested access is not always easy, but cyber criminals have many ingenious techniques in their arsenal. Once the victim has granted the application the above permissions, attackers can download malware without the victim noticing, steal information and gain control over the device.
According to the researchers, the vulnerability enables all sorts of serious attacks, ranging from the theft of passwords and PIN codes to the invisible installation of applications running in “God mode”, and the victim won’t even know it.
Google took steps to improve the security of its mobile OS immediately after receiving the vulnerability report. “We’ve updated Google Play Protect (our security service for all Android devices from Google Play) to detect and prevent the installation of such applications,” the company said.
It is expected that the patch for the Cloak and Dagger vulnerability will be released with the next scheduled updates for Android. However, given that a long time passes between the release of an update and its arrival on end users' devices, the vulnerability poses a serious security threat.