Monday 5 June 2017, Safety Guide
Cloak and Dagger exploit – another threat aimed at Android users
Lost24
The security experts from Georgia Institute of Technology (“Georgia Tech”) have discovered a new class of potential attacks affecting Android devices. The exploit, called Cloak and Dagger, affects all versions of Android systems, including the latest 7.1.2.
The way Cloak and Dagger works is pretty straightforward: a malicious app gets downloaded and installed to the Android device, with the necessary permissions being granted without requiring the user’s input.
The exploit takes advantage of two Android permissions – SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”). The first permission allows apps to overlap on a device’s screen, and the second lets disabled users enter inputs via voice commands.&l