Report: Android UI design issues could secretly open up your phone to malicious attacks
A small team of security experts has recently exposed “design issues” in the Android UI which, according to them, could be used by cybercriminals to imperceptibly steal passwords and personal data from smartphones running the latest Android 7.1.2 or earlier versions of the platform.
The experts describe a new technique called “Cloak & Dagger”, which makes it possible to turn a malicious app into an open but well-concealed door to your smartphone. It needs just two permissions to run: the first one enables the so-called “draw on top” feature, which lets an app draw windows or other elements on top of other apps, while the second, known as “a11y”, is meant to enable assistive interface features for users with disabilities. Once granted, these permissions could allow hackers to pull off all kinds of tricks, such as registering every word you type, passwords included, or installing their own malicious apps with all permissions granted to get full control over the mobile device.
But the situation is not as scary as it might look. First, the Android UI vulnerabilities have been exposed by security experts, not hackers, and right now there are no known attacks or viruses that use the “Cloak & Dagger” exploit. Besides, all the relevant information has already been presented to Google, so the giant is probably going to address the issue in its upcoming software developments. In fact, Google is already working on security improvements for its Android O platform that are intended to restrict apps from drawing over the system UI.
And if you want to go the extra mile, permissions that are granted automatically can be fixed relatively easily. In Android 7.1.2, you can switch the "draw on top" permission off by opening "Settings > Apps > Settings (the Gear symbol) > Special access > Draw over the apps". And you can check which apps require the “a11y” permission in “Settings > Accessibility > Services”.
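The same two checks can be run over a whole device from a workstation. The script below is an added example, not part of the original article: it assumes you have saved the output of `adb shell settings get secure enabled_accessibility_services` and of `adb shell dumpsys package <pkg>` for each installed app, and it flags packages that both declare the "draw on top" permission and have an accessibility service enabled. The package names and sample text are constructed, and a declared permission is treated as a reason to review the app, not as proof that it is currently granted.

```python
import re

# Manifest name of the "draw on top" permission.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"

def a11y_packages(setting_value):
    """Packages with an enabled accessibility service.
    Input is the enabled_accessibility_services setting: a colon-separated
    list of package/ServiceClass components, or "null" when none is enabled."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def requested_permissions(dumpsys_text):
    """Permission names listed under 'requested permissions:' in dumpsys output."""
    perms, in_block = set(), False
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_block = True
            continue
        # A permission line is a dotted name, optionally followed by ": flags".
        match = re.match(r"([\w.]+)(?::\s.*)?$", stripped) if in_block else None
        if match:
            perms.add(match.group(1))
        else:
            in_block = False  # next section header or blank line ends the block
    return perms

def audit(setting_value, dumps):
    """Group packages by which of the two capabilities they hold."""
    a11y = a11y_packages(setting_value)
    overlay = {p for p, t in dumps.items() if OVERLAY in requested_permissions(t)}
    return {"both": sorted(a11y & overlay),
            "overlay_only": sorted(overlay - a11y),
            "a11y_only": sorted(a11y - overlay)}

# Constructed sample input (not captured from a real device).
SAMPLE_SETTING = ("com.example.flashlight/.HelperService:"
                  "com.example.reader/com.example.reader.TalkService\n")
_DUMP = "Packages:\n  requested permissions:\n{}  install permissions:\n    android.permission.INTERNET: granted=true\n"
SAMPLE_DUMPS = {
    "com.example.flashlight": _DUMP.format("    android.permission.CAMERA\n    " + OVERLAY + "\n"),
    "com.example.chat": _DUMP.format("    " + OVERLAY + "\n"),
    "com.example.reader": _DUMP.format("    android.permission.INTERNET\n"),
}

if __name__ == "__main__":
    for group, pkgs in audit(SAMPLE_SETTING, SAMPLE_DUMPS).items():
        print(group, pkgs)
```

Packages in the `both` group are the ones to review first in the two settings screens described above.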