A bug in Android allows you to record everything
Researchers at MWR Labs have described (PDF) a new, rather interesting attack vector against Android devices. The researchers claim that their attack works against devices running Lollipop, Marshmallow and Nougat, which is about 77.5% of all Android-based devices.
The key component of the attack is the MediaProjection service, which allows an application to capture everything happening on the screen and to record system audio. This service has been present in Android from the very beginning, but using it previously required root access and special keys, so the use of MediaProjection was, as a rule, limited to system applications created by the manufacturers themselves.
However, with the release of Android Lollipop (5.0), Google engineers abolished these restrictions and opened the service to everyone. Worse, to use MediaProjection, the application does not even need to ask the user for any permissions.
The researchers explain that when an application accesses MediaProjection, the user is notified only through an intent call: a SystemUI notification informing them that the application intends to capture the screen image and system audio, and requesting permission. The experts found that such a request is very easy to disguise if you know exactly when it will appear on the display and display another SystemUI notification on top of it. This technique is called tapjacking, and criminals have been using it for many years.
“This vulnerability is caused by the fact that the affected versions of Android cannot notice such fake notifications of SystemUI,” the researchers explain. “This allows the attacker to create an application that draws overlays on top of SystemUI notifications, which will result in an escalation of application privileges and will allow the user to capture the image from the user’s desktop.”
In Android Oreo (8.0), released this fall, the problem described by the experts was fixed, but because of the huge fragmentation of the market, most devices still remain vulnerable. According to the researchers, the only consolation is that the attack is not completely “invisible”: while audio or everything happening on the screen is being recorded, a corresponding icon is displayed in the notification panel, where the user can see it.