More Than 95% Of Active Android Devices Are Vulnerable To ClickJacking

Android is a mobile operating system (OS) currently developed by Google, based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets. Its user interface is mainly based on direct manipulation, using touch gestures that loosely correspond to real-world actions, such as swiping, tapping and pinching, to manipulate on-screen objects, along with a virtual keyboard for text input. Recently, Symantec’s security experts discovered a new type of extortion software (ransomware) for Android, which uses clickjacking techniques to obtain administrator rights, and also stated that more than 95% of active Android devices are vulnerable to this.




Earlier this year, Symantec’s security experts discovered a new type of extortion software (ransomware) for Android, which uses clickjacking techniques to obtain administrator rights. With the release of Android 5.0 Lollipop, Google eliminated the possibility of similar software operating.

But researchers at the mobile threat defense company Skycure believe that attackers are using clickjacking techniques, which soon became quite common. With this exploit, an attacker could persistently monitor all of a victim’s activity, and could read, and possibly compose, corporate emails and documents via the victim’s device.

In March of this year, experts showed how the Android Accessibility Service function can be exploited to gain control over the device. They developed a PoC exploit in the form of a game; while playing it, the user inadvertently activates the Accessibility Service on the device.

Once the feature is enabled on the device, an attacker can monitor all of the user’s activity, view and compromise corporate e-mail and documents, and change the administrator or create a new administrator, as mentioned earlier. This allows the attacker to encrypt or delete all the data on the mobile device.

At that time, security experts and researchers believed that the method only works on devices running Android 4.4 (KitKat) and below. However, as it turned out, the vulnerability is also exposed in newer Android versions (Android 5.0 and above), notwithstanding the additional protection implemented by Google. According to the security experts and researchers, 95.4% of Android devices are vulnerable to attacks that use the clickjacking technique to gain accessibility access.

Moreover, Skycure’s security experts and specialists reported the problem to Google’s developers. But Google refused to fix or patch the vulnerability, describing it to Skycure as an acceptable risk.
