Android Bug: Latest Flaw Involving Spoofed User Interface Could Affect Everything

Android Bug: Latest Flaw Involving Spoofed User Interface Could Affect Everything
Share on Facebook
Share on Twitter
Share on Google+
Share on LinkedIn
Pin to Pinterest
Share on StumbleUpon
What's This?

After Stagefright, another Android flaw that claims to affect everything has been brought to the fore.


As opposed to the issue involving multimedia messages – which was the underlining feature of Stagefright – this time the problem is associated with Android’s ability to run in excess of one app at the same time.

The latest breach could allow hackers to gain access into the phone, and steal login details and install ransomware, among other things. It works by presenting a spoofed user interface to the owner – controlled entirely by the hacker – when they open an application. This will not let the owner know that they are inputting login information and details in another app in disguise.

Also read: After Xiaomi, Asus Releases Firmware Update For Zenfone 2, Promises To Fix Stagefright Bug

‘Security implications of Android multitasking remain under-investigated’

“The enabled attacks can affect all latest Android versions and all apps (including the most privileged system apps) installed on the system,” Chuangang Ren, a security researcher from Penn State University, said.

Like us on Facebook

A paper explaining the threat was presented at the USENIX Security 15 conference in Washington DC last week.

“Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization,” it said.

“However, the security implications of Android multitasking remain under-investigated. With a systematic study of the complex task dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilising the task hijacking attack surface to implement UI spoofing, denial-of-service and user-monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities.”

Also read: Android Security Flaw: Motorola Announces Plans To Fix Stagefright Bug

‘Android users are protected from attempts at phishing or hijacking’

According to The Register, a Google spokeswoman said, “We appreciate this theoretical research as it makes Android’s security stronger.

“Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features.”

You might also be interested in: Yvonne Craig, Iconic ‘Batgirl’ From 1960s Batman Series, Has Passed Away At 78, Life Highlights