Security researchers discovered a critical flaw named StrandHogg 2.0 in Android OS which allows hackers to gain access to almost all applications.
Security researchers discovered a critical flaw named StrandHogg 2.0 in Android OS which allows hackers to gain access to almost all applications.
The flaw (CVE-2020-0096) was discovered by Researchers at Promon security firm and affects all version of Android OS except the latest version.
Earlier in December 2019, the same researcher’s discovered a critical flaw named StrandHogg which allows malicious apps to ask for permissions pretending to be legitimate apps.
Attackers can ask for permissions for accessing SMS, contacts, photos, microphone, and GPS allowing them access to sensitive information.
When the user taps the icon of the legitimate app the malicious version of the app will be displayed on the screen and all the sensitive details entered by the users are sent to the attacker immediately.
The StrandHogg 1.0 flaw uses a weakness in the multitasking system of the android system while the new version is elevation privilege flaw allows access to almost all apps on the device.
The earlier version can attack only one app at a time the StrandHogg 2.0 is capable of “dynamically attack nearly any app on a given device simultaneously at the touch of a button”
StrandHogg 2.0 also doesn’t require any access or permissions in order to be executed and it also much more difficult to detect because of its code based detection.
“Attackers exploiting StrandHogg have to explicitly and manually enter the apps they are targeting into Android Manifest, with this information then becoming visible within an XML file which contains a declaration of permissions, including what actions can be executed.” said in the blog post published by researchers
The StrandHogg 2.0 allows to gain access to private SMS messages and photos, steal login credentials, track GPS movements, make and/or record phone conversations, and spy through a phone’s camera and microphone.
Researchers notified the flaw to Google on December 2019 and security patch was released to respective smartphone manufactures in April 2020.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.Y
You may be interested in reading: Private Zoom Video Recordings Exposed Online