More Than 95% Of Active Android Devices Are Vulnerable To ClickJacking

Earlier this year, Symantec's security experts discovered a new type of extortion software (ransomware) for Android that uses a clickjacking technique to obtain administrator rights.

With the release of Android version 5.0 Lollipop, Google eliminated the possibility of such software operating.

However, researchers at the mobile threat defense company Skycure believe that attackers are using clickjacking techniques, which soon became quite common.

With this, a hacker could persistently monitor a victim's activity and possibly read and compose corporate emails and documents via the victim's device.

In March of this year, experts showed how the Android Accessibility Service function could be exploited to gain control over the device.

They developed a PoC exploit in the form of a game in which the user inadvertently activates the Accessibility Service on the device.

Once the feature is enabled on the device, an attacker can monitor all of the user's activity, view and compromise corporate e-mail and documents, and change the administrator or create a new administrator, as we mentioned earlier. This would allow the offender to encrypt or delete all the data on the mobile device.

At that time, security experts and researchers believed that the method only worked on devices running Android version 4.4 (KitKat) and below. However, as it turns out, the vulnerability is also exposed in newer Android OS versions (Android 5.0 and above), notwithstanding the additional protection Google implemented.

According to security experts and researchers, 95.4% of Android devices are vulnerable to attacks that use the clickjacking technique to gain Accessibility Service access.

Moreover, Skycure's security experts informed Google's developers about the problem.

However, Google refused to fix or patch the vulnerability, describing it to Skycure as an acceptable risk.
