Cloak & Dagger is a newly discovered Android exploit that lets hackers hide malicious activity


Researchers from Georgia Institute of Technology have released a full report on a new attack vector that affects Android up to version 7.1.2. The exploit, called Cloak & Dagger, uses Android’s design and screen behaviors against users, effectively hiding activity behind various app-generated interface elements that let a hacker capture screen interactions and hide activity behind seemingly harmless screens.

The team, Yanick Fratantonio, Chenxiong Qian, Simon Pak Ho Chung, and Wenke Lee, has created proof-of-concept uses of the exploit, including a bit of malware that draws an invisible grid over the Android screen that exactly mirrors – and can capture – the onscreen keyboard.

“The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off),” wrote the researchers on a dedicated website. They discovered the exploit last August.

From the paper:

Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device — without giving the user a chance to notice the malicious activity. These attacks only require two permissions that, in case the app is installed from the Play Store, the user does not need to explicitly grant and for which she is not even notified. Our user study indicates that these attacks are practical. These attacks affect all recent versions of Android (including the latest version, Android 7.1.2), and they are yet to be fixed.

The exploit depends primarily on Android’s SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”) to draw interactive elements over real apps. For example, in the picture above, the team drew a reasonable mock-up of the Facebook password field over the real password field for the app. The user then typed their real password into the seemingly real password field. However, when the Facebook app is closed you can see the remaining password field hanging in space.

The easiest way to disable this exploit in Android 7.1.2 is to turn off the “draw on top” permission in Settings > Apps > “Gear symbol” > Special access > Draw over other apps.

“All the attacks discussed by this work are still practical, even with latest version of Android (Android 7.1.2, with security patches of May 5th installed),” the researchers wrote. We will update this post with comment from Google and the team.
