Security researchers from Promon have discovered a high-risk Android vulnerability named ‘StrandHogg’. It allows a malicious app to pose as a legitimate app, so Android phone users are unaware that they are being targeted.
Why is this vulnerability serious?
Once an attacker exploits this vulnerability, they can:
- Steal private SMS messages and photos
- Steal usernames and passwords
- Spy through the phone’s camera and microphone
- Drain bank accounts
- Track the victim’s movements and location
- Access the victim’s contact list and phone logs
The StrandHogg vulnerability is unique because it enables sophisticated attacks without the Android device needing to be rooted. It uses a weakness in Android’s multitasking system to enact powerful attacks that allow malicious apps to masquerade as any other app on the device. The exploit takes advantage of an Android control setting called ‘taskAffinity’, which allows any app, including malicious ones, to freely assume any identity it desires in the multitasking system.
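To make the ‘taskAffinity’ point concrete from a reviewer’s side, the following added example (not from Promon or the original article) audits a decoded AndroidManifest.xml and lists activities whose effective task affinity names something other than the app’s own package. The sample manifest, the package names and the function name `foreign_affinities` are constructed for illustration, and the check is a triage heuristic rather than proof of malicious intent.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
AFFINITY = ANDROID_NS + "taskAffinity"
NAME = ANDROID_NS + "name"

# Constructed sample: decoded manifest of a hypothetical app under review.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity" />
    <activity android:name=".PromptActivity"
        android:taskAffinity="com.example.bank" />
    <activity android:name=".SettingsActivity"
        android:taskAffinity="" />
  </application>
</manifest>
"""

def foreign_affinities(manifest_xml):
    """Return [(activity_name, affinity)] for activities whose effective
    taskAffinity is set and differs from the app's own package name."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for app in root.iter("application"):
        # An activity without its own taskAffinity inherits the value set on
        # <application>, which itself defaults to the package name.
        app_affinity = app.get(AFFINITY, package)
        for tag in ("activity", "activity-alias"):
            for act in app.iter(tag):
                affinity = act.get(AFFINITY, app_affinity)
                # An empty string means "no affinity"; the app's own package
                # is the normal default. Anything else deserves a manual look.
                if affinity and affinity != package:
                    findings.append((act.get(NAME, "?"), affinity))
    return findings

if __name__ == "__main__":
    for name, affinity in foreign_affinities(SAMPLE_MANIFEST):
        print(f"REVIEW {name}: taskAffinity={affinity!r}")
```

The input is expected to be a text manifest, for example one produced by decoding an APK with a standard tool; the binary manifest inside an APK cannot be parsed this way.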
StrandHogg enables dangerous permission harvesting
Hackers can access private photos and messages because StrandHogg makes it possible for a malicious app to replace a legitimate permission pop-up with its own fake version that asks for access to any permission, including SMS, photos, microphone and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.
The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using.
StrandHogg enables the attacker to launch powerful phishing attacks
By exploiting the StrandHogg vulnerability, an attacker can also trick a device so that when the app icon of a legitimate app is clicked, a malicious version is displayed on the user’s screen instead.
When the victim enters their login credentials in this interface, the sensitive details are immediately sent to the attacker, who can then log in to, and control, security-sensitive apps.
Reference sites: https://promon.co/security-news/strandhogg and https://www.bbc.com/news/technology-50605455