Attack on Android smartphones will tell you what you're watching there

Published in the Random EN group
What are you doing there on your smartphone? Attackers can find out all your secrets with the help of a new attack and an old bug in Android! Security specialists at MWR Labs reported an attack on Android smartphones running the Lollipop, Marshmallow and Nougat OS versions.
The attack takes advantage of an old bug in the MediaProjection service, which was created to capture the user's screen and record sound. MediaProjection has been around in Android since the beginning, but it used to require root access or signing a device activation key. With the release of Android Lollipop 5.0, the situation changed. Google opened the service to everyone, and applications now simply request access to it using an “intent call”, which displays a warning pop-up notification from SystemUI.

MWR Labs specialists discovered that at the moment of the request for permission to capture the screen and audio, an attacker could superimpose a window with a different notification text over the pop-up. This scheme made it possible to capture the user's screen if they touched the SystemUI pop-up window, which appeared to display an arbitrary message. This technique is called tapjacking, and criminals have been using it for many years.

“This vulnerability is caused by affected versions of Android not noticing such fake SystemUI notifications,” the researchers explain. “This allows an attacker to create an application that will overlay SystemUI notifications, resulting in escalation of application privileges and allowing the user to capture the user's desktop image.”

So far, the problem has been fixed only in devices based on Android Oreo (8.0), but experts are already working on the security of gadgets with earlier versions of the operating system.