Android WARNING – Hackers Can Record ANYTHING You Do
Cybercriminals Can Record EVERYTHING You Do on Your Android Phone
A catastrophic new cyberattack has been discovered – and it affects all versions of the Android operating system up to version 7.1.2, researchers at the Georgia Institute of Technology have said.
Worse yet, Google will have a hard time stopping this latest attack, due to the way it infiltrates your Android device’s permissions, the researchers added.
Double Cloak and Dagger, the terrifying new attack allows hackers to silently take control of your smartphone and steal private data, including every keystroke, chats, PIN, online account passwords, contacts, and more.
Cloak and Dagger does not exploit any specific vulnerability of the Android operating system.
Instead, the new smart attack abuses the permissions of legitimate apps that are widely used by legitimate apps to access certain features on an Android device, researchers have claimed.
Hackers must use two permissions to launch the attack.
The first permission, known as “Draw On Top”, is a legitimate permission that allows apps to overlap on screen as well as on other apps.
The second, known as “a11y”, is designed to help visually impaired Android users, allowing them to enter data with voice commands or listen to on-screen content using a dial-up function. screen reader.
According to the findings of Georgia Institute of Technology, a malicious app subjected to cold from Google Play Store exploits these legitimate app permissions to allow hackers to gain access to your Android smartphone.
Once the malicious app is installed on a device, hackers can log every keystroke you type, install other apps without your knowledge, silently unlock the device without waking up the screen.
Cybercriminals could spy on all the activities you do on your phone.
Hackers can take control of your phone silently and steal private data including keystrokes, chats,
Researchers have posted a number of video demonstrations of the Cloak and Dagger attacks – and it’s a little terrifying.
Unfortunately, it will not be easy for Google to protect users from this type of attack.
According to Yanick Fratantonio, first author of the Georgia Institute of Technology article, “Changing a feature is not like fixing a bug.
“System designers will now have to think more about how seemingly unrelated functionality might interact. Features do not work separately on the device. “
Google is set to change the policy regarding “Draw On Top” permission with Android 8.0, which is slated for release later this year.
This should stop the Cloak and Dagger attack, the researchers said.
However, the next version of Android will take a long time to roll out to users.
Adrian Ludwig, a member of the Android security team, recently revealed that “about half of the devices in use at the end of 2016 had not received a platform security update during the last year “.
Yes, it’s true. “About half” of all Android devices haven’t received a single security update in the past year.
Android Security Year in Review Highlights a Number of Improvements to the Android Ecosystem
This is not good news, especially when paired with the latest findings from the Georgia Institute of Technology.
Unlike iOS software updates, which are rolled out simultaneously to all compatible devices by Apple itself, Google delivers its software updates to individual device manufacturers, known as OEMs.
Unfortunately, a worrying number of these manufacturers are slow to adopt critical operating system updates and security fixes.
Google is well aware of the problem and has been desperate for a solution for years.
The California-based company has even considered a plan to publicly name and shame cell phone carriers and device makers that are dragging their feet with important updates.
Fortunately, there is a workaround.
According to tech blog News from hackers, the best way to disable Cloak and Dagger attacks in Android 7.1.2 is to manually disable the “Draw On Top” permission.
Head toward Settings> Apps> Gear symbol> Special access> Draw on other apps.
Another precaution is to only download apps from trusted and verified developers from the Google Play Store.