Major Security Bug Called StrandHogg Discovered in All Android Versions
upstart writes in with a submission, via IRC, for chromas.
Security company Promon has discovered a critical vulnerability affecting all Android versions, including Android 10, which can allow an attacker to obtain full access to a compromised device.
Baptized StrandHogg, the security flaw allows infected apps to pose as legitimate apps, and researchers explain that all top 500 most popular apps available on Android are currently at risk.
The vulnerability enables malicious apps to be disguised as legitimate ones by exploiting a bug in the Android multitasking engine. An infected app can ask for permissions on behalf of a legitimate app when users launch the multitasking interface, basically tricking targets into believing they are interacting with the legitimate one.
"This exploit is based on an Android control setting called 'taskAffinity' which allows any app - including malicious ones - to freely assume any identity in the multitasking system they desire," Promon notes.
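The taskAffinity mechanism described above can at least be audited in an app's own manifest. The following is an added example, not code from Promon or from the article: it parses a decoded AndroidManifest.xml (as produced by apktool or aapt; a packaged APK stores the manifest as binary XML) and flags any activity whose taskAffinity names something other than its own package. The heuristic and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not from any real app): one activity keeps the
# default affinity, one opts out with an empty affinity, and one claims an
# affinity that belongs to a different package.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <application>
    <activity android:name=".MainActivity" />
    <activity android:name=".IsolatedActivity" android:taskAffinity="" />
    <activity android:name=".LookalikeActivity"
        android:taskAffinity="com.example.bank" />
  </application>
</manifest>
"""


def find_affinity_mismatches(manifest_xml: str) -> list[tuple[str, str]]:
    """Return (activity name, taskAffinity) pairs whose affinity names a task
    the multitasking UI would attribute to some other package.

    Android's default affinity is the app's own package name; an empty string
    means the activity joins no shared task; any other value lets the activity
    be placed in a task that the recents screen associates with that name.
    """
    root = ET.fromstring(manifest_xml)
    own_package = root.get("package", "")
    flagged = []
    for act in root.iter("activity"):
        affinity = act.get(f"{{{ANDROID_NS}}}taskAffinity")
        if affinity is None or affinity == "" or affinity == own_package:
            continue  # default, opted out, or its own package: nothing to flag
        name = act.get(f"{{{ANDROID_NS}}}name", "?")
        flagged.append((name, affinity))
    return flagged


if __name__ == "__main__":
    for name, affinity in find_affinity_mismatches(SAMPLE_MANIFEST):
        print(f"{name}: taskAffinity={affinity!r} names a foreign package")
```

A match is a review prompt, not proof of malice: legitimate apps occasionally share an affinity across their own packages, so the flagged value should be compared against the publisher's other package names.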
[...] Vulnerability already being exploited in the wild
[...] It is important to note that StrandHogg does not spread through applications published in the Google Play Store. However, it can use other infected apps that are already listed in the Play store to download the necessary payload that eventually exploits StrandHogg on a vulnerable device.
[...] Promon has already reported the vulnerability to Google, but patches aren't yet available. Google, however, removed the affected apps that could help drop StrandHogg on an Android device.
Also at Dark Reading, TechXplore and ZDNet.
Read more of this story at SoylentNews.