Researchers discovered a new vulnerability in android devices, Android 7.1.2. The exploit, Cloak & Dagger, uses Android’s design and screen behaviors against users, effectively hiding activity behind various app-generated interface elements that lets a hacker grab screen interactions and hide activity behind seemingly innocuous screens.
Researchers from Georgia Institute of Technology, said, the attacks include advanced clickjacking, unconstrained keystroke recording, secret phishing, the silent installation of a God-mode app, silent phone unlocking, and random actions while keeping the screen off.
The exploit depends primarily on Android’s SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”) functions. After the install the malicious app the user is not notified about permissions.
Don’t ask explicit permission if the attack is succeeding. Attacks including capturing passwords or extracting contacts might be possible.
In one case, the group created a password form that appeared as though it was part of the Facebook app. Once a user entered the password, the form would disappear, but the attacker would know what the user typed.
Researchers explain the process to disable the exploit in Android 7.1.2 is to turn off the “draw on top” permission in Settings>Apps>Gear symbol>Special access>Draw over other apps.
Researcher Yanick Fratantonio, said, users don’t install random apps, check the permissions they have, but it’s tricky these permissions are treated as ‘special’ and the user needs to navigate to special menus. We added the instructions to the website.
Google appreciates the efforts of researchers to help keep the users safe. Google said, the updated Google Play Protect can detect and prevent the installation of these apps. Google built new security protections into Android O that will further strengthen our protection from these issues moving forward.