Monday 5 June 2017, Security Guide

Cloak and Dagger exploit – another threat aimed at Android users

Lost24

Security experts from the Georgia Institute of Technology (“Georgia Tech”) have discovered a new class of potential attacks affecting Android devices. The exploit, called Cloak and Dagger, affects all versions of Android, including the latest, 7.1.2.

The way Cloak and Dagger works is pretty straightforward: a malicious app is downloaded and installed on the Android device, and the necessary permissions are granted without requiring the user’s input.

The exploit takes advantage of two Android permissions – SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”). The first permission allows an app to draw its windows over other apps on the device’s screen, and the second lets disabled users enter inputs via voice commands.

Once these two permissions have been granted, numerous attacks become possible. A skillful hacker can – without the user's knowledge – perform clickjacking, steal PINs and passwords (by recording keystrokes), or even install a God-mode app. This works because overlays are combined to trick the user into thinking they are interacting with a legitimate app.

According to Georgia Tech, Android users should check which applications have access to the “draw on top” and “a11y” permissions. They can also disable the “draw on top” permission used in Android 7.1.2.