Newly Discovered StrandHogg Vulnerability Puts All Android Users at Risk

Android 'spoofing' bug helps target bank accounts

Security researchers say millions of Android phones are susceptible to a newly discovered vulnerability that, if exploited, could allow an attacker to spy on users through the phone's microphone, take photos with the phone's camera, read and send SMS text messages, make and record phone conversations, phish login credentials, and carry out a host of other nefarious deeds. Security researchers from Promon discovered the "StrandHogg" vulnerability, which affects all Android versions, including the latest, Android 10.

The permission request that appears on the screen can give attackers access to the camera, let them read and send messages, record phone conversations, obtain location and Global Positioning System (GPS) data, steal the contact list and phone logs, and extract all files and photos stored on the compromised device.

Promon further explains that the malicious app poses as a legitimate one and requests permissions from the user, which are usually granted. "The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected", Promon CTO Tom Lysemose Hansen says. Users are unaware that they are granting permission to the attacker rather than to the authentic app they believe they are using. "The vulnerability also allows an attacker to masquerade as almost any app in a highly believable manner", the researchers noted. Lookout, another security firm working in conjunction with Promon, identified no fewer than 36 malicious apps already actively exploiting the vulnerability.

Once the victim of StrandHogg enters their login details, they are directed on to the legitimate app, while another strand of the fake page sends the captured data to the attacker, compromising the victim's data.

Worryingly, most of the top 500 apps in Google Play were found to be vulnerable to exploitation. The attack uses a weakness in Android's multi-tasking system (the "taskAffinity" attribute) to carry out its malicious activities.
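As an added example, not taken from the article, Promon or Lookout, the following Python script shows the kind of static manifest check an app vetting or app-hardening pipeline can run against the task-affinity weakness described above. It parses an AndroidManifest.xml, flags activities that declare a task affinity belonging to a different package or that allow task reparenting, and reports activities that still rely on the default affinity. The two manifests and their package names are constructed for the example; the hardening it recommends (an empty `android:taskAffinity`, so an activity stays in its own task) is a widely documented mitigation for task hijacking and is the editor's assumption, not a statement from the article.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
_LEVEL_ORDER = {"ok": 0, "warn": 1, "high": 2}


def _android_attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def check_task_affinity(manifest_xml):
    """Inspect every <activity> in a manifest and report task-affinity findings.

    Returns a list of dicts: {"activity": name, "level": ok|warn|high, "msg": text}.
    """
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    findings = []
    app = root.find("application")
    if app is None:
        return findings
    for activity in app.findall("activity"):
        name = _android_attr(activity, "name")
        affinity = _android_attr(activity, "taskAffinity")
        reparent = _android_attr(activity, "allowTaskReparenting")

        if affinity is None:
            # Default affinity is the package name; any app that declares the same
            # affinity string can have its activities placed into this task.
            findings.append({"activity": name, "level": "warn",
                             "msg": "uses default task affinity; set android:taskAffinity=\"\""})
        elif affinity == "":
            findings.append({"activity": name, "level": "ok",
                             "msg": "no task affinity: activity stays in its own task"})
        elif affinity != package:
            # An activity claiming another package's affinity is the pattern a
            # vetting pipeline should flag for manual review.
            findings.append({"activity": name, "level": "high",
                             "msg": "declares foreign task affinity %r" % affinity})
        else:
            findings.append({"activity": name, "level": "warn",
                             "msg": "explicit own-package affinity; prefer android:taskAffinity=\"\""})

        if reparent == "true":
            findings.append({"activity": name, "level": "high",
                             "msg": "allowTaskReparenting=true lets the activity move between tasks"})
    return findings


def worst_level(findings):
    """Collapse a findings list to its most severe level ("ok" if empty)."""
    if not findings:
        return "ok"
    return max((f["level"] for f in findings), key=_LEVEL_ORDER.__getitem__)


# Constructed sample: a banking app whose login screen is hardened with an
# empty affinity, while a secondary screen still uses the default.
HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application>
    <activity android:name=".LoginActivity"
        android:taskAffinity=""
        android:launchMode="singleTask"/>
    <activity android:name=".HelpActivity"/>
  </application>
</manifest>"""

# Constructed sample: an unrelated package whose activity claims the bank's
# affinity and allows reparenting, the combination a reviewer should escalate.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dropper">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".OverlayActivity"
        android:taskAffinity="com.example.bank"
        android:allowTaskReparenting="true"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for label, manifest in (("hardened", HARDENED_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        results = check_task_affinity(manifest)
        print("%s manifest: overall %s" % (label, worst_level(results)))
        for f in results:
            print("  [%s] %s: %s" % (f["level"], f["activity"], f["msg"]))
```

Run on the hardened sample, the check rates the login screen "ok" and only warns about the help screen; on the second sample it raises two "high" findings for the activity that borrows another package's affinity. The same function can be pointed at a decoded manifest from any APK to review an app's own exposure or to triage third-party apps.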

"The specific malware sample which Promon analyzed did not reside on Google Play but was installed through several dropper apps/hostile downloaders distributed on Google Play", the researchers added.

"StrandHogg is unique because it enables sophisticated attacks without the need for the device to be rooted".

These particular apps have been removed by Google, but dropper apps often bypass Google Play's protections and trick users into downloading them by pretending to have the functionality of popular apps.

Google has responded to news of the vulnerability by saying: "We appreciate the researchers' work, and have suspended the potentially harmful apps they identified".
