Cloak and Dagger Android Exploit: Steals Password and Logs Keystrokes


Researchers at Georgia Institute of Technology and University of California, Santa Barbara, have uncovered vulnerabilities in Android Lollipop, Marshmallow, and Nougat operating systems.


According to the researchers, malicious apps from the Play Store can exploit two permissions: ‘draw on top’ and ‘accessibility service’. Users can be attacked through one or both of these vulnerabilities. Attackers can clickjack, record keystrokes, steal device PINs, insert adware, and steal two-factor authentication tokens. The researchers referred to these attacks as the “Cloak & Dagger” class of potential attacks on Android devices. They allow a malicious app to take complete control of the device’s UI feedback loop and activity, without the user noticing.

This Vulnerability Had Been Exposed Earlier Too

Earlier this month, we reported a similar unfixed vulnerability in the Android operating system that uses the ‘SYSTEM_ALERT_WINDOW’ permission to ‘draw on top’.


Earlier, the ‘SYSTEM_ALERT_WINDOW’ permission had to be manually granted by the user. However, apps like Facebook Messenger and others now use on-screen pop-ups, so Google now grants this permission by default.

While the vulnerability can potentially lead to a ransomware or adware attack, it would still be difficult for a hacker to initiate such an attack.

This permission is responsible for a significant percentage of ransomware, adware, and banker malware attacks on Android devices.


All apps downloaded from the Play Store are scanned for malicious code and macros. Therefore, the attacker will need to bypass Google’s security system to gain access to the app store.

Google recently updated its mobile operating system with a layer of security that scans all apps downloaded from the Play Store.

Is Using Android Safe Right Now?

Malicious apps downloaded from the Play Store gain permissions automatically, enabling attackers to harm your device in several ways:

– Invisible Grid Attack: The attacker overlays an invisible grid onto the device, logging keystrokes.

– Stealing the device’s PIN and operating it in the background, even when the screen is off.

– Injecting adware into the device.

– Stealthily exploring the web and phishing.

The researchers alerted Google about these vulnerabilities, and while the company has implemented fixes, they aren’t fool-proof.


The update disables overlays, preventing the invisible grid attack. However, clickjacking is still possible if a malicious app uses the phone unlocking method to unlock permissions, even when the screen is off.

The Google keyboard has been updated to prevent passwords from being leaked. Now, when entering a password, the keyboard logs it as a ‘dot’ instead of the actual character. However, attackers can still exploit this functionality.

The researchers noted that it is possible to determine which keyboard button was clicked by enumerating the widgets and their hashcodes. The hashcodes are designed to be pseudo-unique.

All vulnerabilities found in the research remain susceptible to attack despite Android’s latest security patch on May 5. The researchers created an app for the Google Play Store that requested the two mentioned permissions and displayed malicious intent. Despite this, the app was approved and is still available on the Play Store, revealing the ineffective security measures in place.


What’s the Best Bet to Stay Safe?

Checking and disabling both these permissions manually for any untrusted app with access to them is the best bet. Here’s how to check which apps have access to these two permissions on your device:

– Android Nougat: for “draw on top”, go to Settings -> Apps -> ‘Gear symbol’ (top-right) -> Special access -> Draw over other apps. For ‘a11y’ (the accessibility service), go to Settings -> Accessibility -> Services to check which apps require it.

– Android Marshmallow: for “draw on top”, go to Settings -> Apps -> ‘Gear symbol’ (top-right) -> Draw over other apps. For ‘a11y’ (the accessibility service), go to Settings -> Accessibility -> Services to check which apps require it.

Google will provide security updates to address the issues identified by the researchers. Some of the vulnerabilities will be resolved with these updates, but concerns related to the ‘draw on top’ permission will remain until Android O is released. Internet security risks are increasing greatly, and the only way to protect your device is by installing trusted antivirus software and being vigilant.
