Connect with us

Android Bug: Latest Flaw Involving Spoofed User Interface Could Affect Everything

Android Bug: Latest Flaw Involving Spoofed User Interface Could Affect Everything

Technology

Android Bug: Latest Flaw Involving Spoofed User Interface Could Affect Everything

After Stagefright, another Android flaw that claims to affect everything has been brought to the fore.

After Stagefright, another Android flaw that claims to affect everything has been brought to the fore.

As opposed to the issue involving multimedia messages – which was the underlining feature of Stagefright – this time the problem is associated with Android’s ability to run in excess of one app at the same time.

The latest breach could allow hackers to gain access into the phone, and steal login details and install ransomware, among other things. It works by presenting a spoofed user interface to the owner – controlled entirely by the hacker – when they open an application. This will not let the owner know that they are inputting login information and details in another app in disguise.

Also read: After Xiaomi, Asus Releases Firmware Update For Zenfone 2, Promises To Fix Stagefright Bug

‘Security implications of Android multitasking remain under-investigated’

“The enabled attacks can affect all latest Android versions and all apps (including the most privileged system apps) installed on the system,” Chuangang Ren, a security researcher from Penn State University, said.

A paper explaining the threat was presented at the USENIX Security 15 conference in Washington DC last week.

“Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization,” it said.

“However, the security implications of Android multitasking remain under-investigated. With a systematic study of the complex task dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilising the task hijacking attack surface to implement UI spoofing, denial-of-service and user-monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities.”

Also read: Android Security Flaw: Motorola Announces Plans To Fix Stagefright Bug

‘Android users are protected from attempts at phishing or hijacking’

According to The Register, a Google spokeswoman said, “We appreciate this theoretical research as it makes Android’s security stronger.

“Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features.”

[divider]

You might also be interested in: Yvonne Craig, Iconic ‘Batgirl’ From 1960s Batman Series, Has Passed Away At 78, Life Highlights

[divider]

About Shaurya Arya

Shaurya covers wide range of genres. He is in the know about the day-to-day happenings in the US. He covers politics, environment, lifestyle and sports. Follow him to know the latest development in the US Presidential Election, rescue operations during tornadoes and other calamities or simply whether those viral videos and memes are true or hoax. With a Masters in Journalism, he has a bright future ahead in the field of writing and reporting.

More in Technology

Good News

To Top