Massive Android vulnerability discovered: Cloak and Dagger takes advantage of the Android UI
Irish Sun - Saturday 27th May, 2017
The Cloak and Dagger-enabled app needs just two permissions to get rolling
Researchers from UC Santa Barbara and Georgia Tech found the new type of Android attacks
The Cloak and Dagger operates secretly on the smartphone
CALIFORNIA, U.S. - Researchers from UC Santa Barbara and Georgia Tech have discovered a new type of Android attack, called Cloak and Dagger.
A report noted that the Cloak and Dagger takes advantage of the Android UI and they need just two permissions to get rolling.
According to the researchers, the Cloak and Dagger operates secretly on the smartphone, allowing hackers to log keystrokes or install malicious softwares without alarming the owner.
Researchers pointed out that since Android OS automatically grants these permissions for any app from the Play Store, this would mean that once a hacker is in the system, it is possible to trick the user into granting the a11y permission.
They noted that the app hides a layer of malicious activity under seemingly harmless visuals and lures users to click on unseen buttons and keystroke loggers.
In their report, the researchers noted, “To make things worse, we noticed that the accessibility app can inject the events, unlock the phone, and interact with any other app while the phone screen remains off. That is, an attacker can perform a series of malicious operations with the screen completely off and, at the end, it can lock the phone back, leaving the user completely in the dark."
Further, one of the researchers, Yanick Fratantonio, said, "We've been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect - our security services on all Android devices with Google Play - to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues, moving forward."
Clint Eastwood's The 15:17 to Paris recreates the 2015 Thalys train attack, in which Moroccan-born Ayoub El Khazzani, armed with an assault rifle, a 9mm handgun, and 300 rounds of ammunition, attempted to open fire on a crowded train travelling ...