By Tom Spring May 24, 2017
University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone.
The discovery was made by researchers at Georgia Institute of Technology, who call the research Cloak and Dagger. It involves two Android features and permissions called System Alert Window and Bind Accessibility Service.
Full Article
Malicious combination of legitimate permissions
25 May 2017 at 11:08, John Leyden A distinct class of Android vulnerability has been unearthed by computer scientists at the Georgia Institute of Technology in Atlanta.
"Cloak and dagger" is a new kind of attack vector affecting Android devices (including the latest version, 7.1.2). "Attacks allow a malicious app to completely control the UI feedback loop and take over the device – without giving the user a chance to notice the malicious activity," according to the researchers.
Full Article
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.