Thursday, 25 May 2017

Android warning: Newly discovered Android exploit "Cloak & Dagger" that can show users a fake screen

The discovery was made by researchers at the Georgia Institute of Technology (Georgia Tech), who have tested the vulnerability in closed environments.

How to Avoid that Attack 
The exploit depends primarily on Android’s SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”) to draw interactive elements over real apps.

The first permission, known as "draw on top," is a legitimate overlay feature that allows an app to draw on a device's screen on top of other apps (Settings > Apps > "Gear symbol" > Special access > Draw over other apps).

1. New attack found to start with Android users downloading infected apps
2. Hackers overlay screen with false information to gather data without being seen
3. They are able to do this by combining permissions for two certain features
4. Features involved are very useful in mapping, chat or password manager apps

The two features involved are very useful in mapping, chat or password manager apps, so preventing their misuse will require users to trade convenience for security.
The attack, dubbed 'Cloak and Dagger', enables cyberthieves to control handsets by overlaying the interface with false information to hide malicious activities being performed underneath.

                                                                          @@@Hackerinfoindia@@@