SECURITY
A newly discovered Android vulnerability, already being exploited in the wild, allows a malicious app to insert fake login screens into legitimate apps to steal credentials, and to carry out a range of other attacks.
Detailed today by security researchers at Promon, the vulnerability, dubbed “StrandHogg,” exists as a result of the way Android handles multitasking. Present in all versions of Android including Android 10, it allows a malicious app installed on a device to have its own code run when the user opens a different app: the attacker’s screen is shown in place of the screen the user expected.
The malicious code can include fake login screens that look as though they belong to the legitimate app but are in fact drawn by the malicious app. Those currently exploiting the vulnerability are doing exactly that, specifically targeting banking apps and tricking users into entering their login details on a fake login screen, the users none the wiser because they tapped their genuine banking app’s icon.

The discovery of the vulnerability came about after Promon was contacted by a Czech bank that couldn’t work out how money was being siphoned from customer accounts. It’s now believed that up to 60 different financial institutions may have been targeted, with 36 malicious apps found that are designed to exploit StrandHogg, including some distributed through the Google Play Store.
While stealing banking login details has been the initial focus of those exploiting the vulnerability, the researchers warn that it can be used for various other purposes. Because the hijacked screen appears to belong to the legitimate app, the attacker can also ask for dangerous permissions in that app’s name. StrandHogg thus opens the door for attackers to listen to a user through the microphone, take photos with the device’s camera, read and send SMS text messages, make or record phone calls, phish login credentials, access all files and logs on the device, and obtain location and GPS information.
Craig Young, computer security researcher for enterprise cybersecurity firm Tripwire Inc.’s vulnerability and exposure research team, told SiliconANGLE that user interface redressing vulnerabilities can be particularly dangerous in mobile platforms where there are typically already fewer on-screen indicators to confirm what site a user is interacting with.
“In general, users must be careful about installing apps which request the screen overlay permission or require accessibility settings,” Young said. “Where available, users should also make sure that the ‘Verify Apps’ setting is enabled in Android’s security settings.”
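One way to act on Young’s advice is to inventory which installed apps request the screen-overlay permission and which have an accessibility service enabled. The script below is an added example, not code from Promon, Tripwire or SiliconANGLE: it parses the text of two standard adb commands (`adb shell dumpsys package` and `adb shell settings get secure enabled_accessibility_services`), captured beforehand and fed in as strings. The sample outputs and all package names in it are constructed and hypothetical, and the allowlist argument (for a known screen reader, say) is an assumption of the example. Note that this is a general hygiene check rather than a StrandHogg detector: Promon’s write-up stresses that StrandHogg itself works without root and without any special permission, so an app exploiting it need not appear in this list at all.

```python
"""Hygiene check for the two capabilities Young warns about: apps that request the
screen-overlay permission and apps with an enabled accessibility service.

Input is the text of two adb commands, captured beforehand:
    adb shell dumpsys package
    adb shell settings get secure enabled_accessibility_services
The samples below are constructed, with hypothetical package names.
"""
import re
from typing import Dict, List, Set

OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"

# Constructed, abbreviated dumpsys output: real dumps are much longer but use the
# same "Package [name]" headers and "requested permissions:" sections.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.bank] (a1b2c3):
    userId=10123
    requested permissions:
      android.permission.INTERNET
      android.permission.USE_FINGERPRINT
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.dropper] (d4e5f6):
    userId=10124
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
  Package [com.example.notes] (0a0b0c):
    userId=10125
    requested permissions:
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
      android.permission.SYSTEM_ALERT_WINDOW: granted=false
"""

# Constructed value of enabled_accessibility_services: colon-separated
# "package/service" entries (the device prints "null" when none are enabled).
SAMPLE_A11Y = "com.example.dropper/com.example.dropper.OverlayService:com.example.reader/.ReaderService"

_PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
_PERM_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)(?::.*)?$")


def parse_requested_permissions(dumpsys_text: str) -> Dict[str, Set[str]]:
    """Map each package to the permissions listed under its 'requested permissions:'."""
    result: Dict[str, Set[str]] = {}
    current = None
    in_requested = False
    for line in dumpsys_text.splitlines():
        m = _PKG_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, set())
            in_requested = False
            continue
        stripped = line.strip()
        # Section headers inside a package block end with ':' (e.g. 'install permissions:').
        if stripped.endswith(":") and not stripped.startswith("android."):
            in_requested = stripped == "requested permissions:"
            continue
        if current is not None and in_requested:
            pm = _PERM_RE.match(line)
            if pm:
                result[current].add(pm.group(1))
    return result


def parse_enabled_accessibility_services(settings_value: str) -> Set[str]:
    """Return the package names that have an enabled accessibility service."""
    value = settings_value.strip()
    if not value or value == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry.strip()}


def flag_suspicious(dumpsys_text: str, a11y_value: str,
                    allowlist: frozenset = frozenset()) -> Dict[str, List[str]]:
    """Packages that request the overlay permission or run an accessibility service,
    minus a reviewer-supplied allowlist (hypothetical, e.g. a known screen reader)."""
    requested = parse_requested_permissions(dumpsys_text)
    a11y_pkgs = parse_enabled_accessibility_services(a11y_value)
    findings: Dict[str, List[str]] = {}
    for pkg in sorted(requested.keys() | a11y_pkgs):
        if pkg in allowlist:
            continue
        reasons = []
        if OVERLAY_PERM in requested.get(pkg, set()):
            reasons.append("requests screen overlay permission (SYSTEM_ALERT_WINDOW)")
        if pkg in a11y_pkgs:
            reasons.append("accessibility service enabled")
        if reasons:
            findings[pkg] = reasons
    return findings


if __name__ == "__main__":
    report = flag_suspicious(SAMPLE_DUMPSYS, SAMPLE_A11Y,
                             allowlist=frozenset({"com.example.reader"}))
    for pkg, reasons in report.items():
        print(f"{pkg}: {'; '.join(reasons)}")
```

On current Android releases the overlay permission is ultimately governed by an app op rather than the install-time grant flag, so treat a flagged package as “requests the capability” and confirm the live state with `adb shell appops get <package> SYSTEM_ALERT_WINDOW` before drawing conclusions.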