Android Overlay and Accessibility Features Leave Millions at Risk

  • 24 May 2017
  • 1 reply
  • 12 views

Userlevel 7
Badge +54
By Tom Spring May 24, 2017
                                                   

 University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone.
 
The discovery was made by researchers at Georgia Institute of Technology, who call the research Cloak and Dagger. It involves two Android features and permissions called System Alert Window and Bind Accessibility Service.
 
Full Article

1 reply

Userlevel 7
Badge +54

Malicious combination of legitimate permissions

 
25 May 2017 at 11:08, John Leyden A distinct class of Android vulnerability has been unearthed by computer scientists at the Georgia Institute of Technology in Atlanta.
 
"Cloak and dagger" is a new kind of attack vector affecting Android devices (including the latest version, 7.1.2). "Attacks allow a malicious app to completely control the UI feedback loop and take over the device – without giving the user a chance to notice the malicious activity," according to the researchers.
 
Full Article

Reply