Friday, 26 May 2017 10:43

Android exploit adds secret, thieving layers to your phone


Researchers from UC Santa Barbara and Georgia Tech have discovered a fresh class of Android attacks, called Cloak and Dagger, that can operate secretly on a phone, allowing hackers to log keystrokes, install software and otherwise control a device without alerting its owner. Cloak and Dagger exploits take advantage of the Android UI, and they require just two permissions to get rolling: SYSTEM ALERT WINDOW ("draw on top") and BIND ACCESSIBILITY SERVICE ("a11y").

This concerns researchers because Android automatically grants the draw-on-top permission for any app downloaded from the Play Store, and once a hacker is in, it's possible to trick someone into granting the a11y permission. A Cloak and Dagger-enabled app hides a layer of malicious activity under seemingly harmless visuals, luring users to click on unseen buttons and keystroke loggers.

"To make things worse, we noticed that the accessibility app can inject the events, unlock the phone, and interact with any other app while the phone screen remains off," the researchers write. "That is, an attacker can perform a series of malicious operations with the screen completely off and, at the end, it can lock the phone back, leaving the user completely in the dark."


Google is aware of the exploit.

"We've been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer," a spokesperson says. "We have updated Google Play Protect -- our security services on all Android devices with Google Play -- to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues, moving forward."

One of the researchers, Yanick Fratantonio, tells TechCrunch the recent updates to Android O might address Cloak and Dagger, and the team will test it out and update its website accordingly. For now, he says, don't download random apps and keep an eye on those permissions.

Source: This article was published engadget.com By Jessica Conditt


  • Comment Link Fausto Sunday, 13 October 2019 20:24 posted by Fausto

    This probem applies to each participant inside activity
    - teammates, and enemies. Therefore, it iis very important
    for you to read through the details provided. Always remember, casino games are nnot
    all about luck.

  • Comment Link Derrick Saturday, 05 October 2019 21:48 posted by Derrick

    Seearch engine optimization. Good kind of targeted traffic can come from major
    search engines. Thus, these kinds of that you know easy methods to optimize each page of your website so they
    will be indexed by search electric motors. Sprinkle relevant keywords on your title
    page, domain name, and content.

    French Lick Springs Resort Brings Hoppe to Orange County, Indiana - Also frolm September of 2007.
    This one caught my attention because I am Larry Bird fan andd lived in French
    Coat. Her article means the town, not Harry!

    Make sure you types with it marks, tnis
    will give you rresults of pages wiith this exact term, not enhancing .
    get different ways to play soccer, or tips about getting great at soccer nevertheless the exact term soccer steps.

    With the effectiveness of blogs, you can also mwke a lot oof money without spending anything initially
    or coming soon. Over time a person build the blog with content bear in mind recognized by google and might get
    good page ranks.

    Your web based business should be built around a arena.

    Many peopple will go to broad. Foor example, "NFL Football" iis too broad.
    Many people are fighting for these keywords,sure it's being searched plenty oof but nobosy will find your website amongst
    other people. Youu would use something like "NFL Football Team Jerseys".

    You ought to know one thing that Google bots can't read the
    Flash file, they are made read the written text only each andd every you have images prtaining to your website after which
    sure effectively labeled or tagged this relative key-phrases.

    In reality, there consist of a thousand oone particular ways enhance your site and in the time you learn them they'll have changed.

    Most effective is to refer to with a nice and obtain the job performed correcly fro the start.
    These people do this soft of thhing every dday for an income and are constantly rated on their results.
    May become comes to locate engine optimzation ffor blog site
    it's silly to acquire the best blog arouund the
    hhho booster can't be located.

  • Comment Link ntc33 download Sunday, 18 August 2019 12:32 posted by ntc33 download

    You migt make quick money online in the event you take action on this information.
    Splitting a bone . give up too soon, not yoou have to nature virtually any business.
    Use a rose pdint paper and include quotes about roses. http://3win8.city/other-games/ntc33/19-ntc33

Leave a comment

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media

Book Your Seat for Webinar - GET 70% OFF FOR MEMBERS ONLY      Register Now