Saturday, 14 December 2019

New ‘Strandhogg’ vulnerability targeting Android users discovered

04 December 2019

Similarly, they can also lure users into granting additional permissions for spying. This is an OS-level vulnerability that, sadly, has not been fixed by Google in any version of Android to date, so all Android devices are exposed to this security flaw and to malicious intent. At the time, this was covered (but not explained) in the Czech media. "The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected", Promon CTO Tom Lysemose Hansen says.

In its report, the security firm further added that there is no reliable method of detecting a StrandHogg exploit being abused on a device. To carry out attacks, the attacker does not need any special permissions on the device.

They found that 60 separate financial institutions were being targeted via apps that sought to exploit the loophole.

In addition to the threats listed above, an attacker could leverage StrandHogg to access a user's private photos and files, obtain location and Global Positioning System information, access a user's list of contacts, and sift through phone logs.


Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app.

The company claimed the loophole exists in the multitasking system of Android and that threat actors have been exploiting it with malicious apps that compromise legitimate apps and steal confidential login passwords, location, messages, and other private data from them.

According to the researchers, some of the identified malicious apps were also being distributed through several droppers and hostile downloader apps available on the Google Play Store.

These particular apps have been removed by Google, but dropper apps often bypass Google Play's protections and trick users into downloading them by pretending to have the functionality of popular apps.


Promon reported the Strandhogg vulnerability to the Google security team this summer and disclosed details today when the tech giant failed to patch the issue even after a 90-day disclosure timeline.

What's worse is that Promon claims the vulnerability can be exploited without root access, and researchers from Lookout say they have already identified a total of 36 malicious apps whose goal is to take advantage of StrandHogg.

Typos and mistakes in the user interface.

Google has responded to news of the vulnerability by saying: "We appreciate the researchers' work, and have suspended the potentially harmful apps they identified".

