Researchers at UC Santa Barbara and Georgia Tech who discovered a new severe vulnerability on Android that simply adds secret, thieving layers to your Android smartphone.
This New Android Exploit Adds Secret, Thieving Layers To Your Phone
Security on Android is a sensitive subject and always prone to news. A new vulnerability has been discovered that allows for almost full access to Android, allowing operations that are usually barred from applications.
Cloak and Dagger, the name of this new fault, is still only theoretical, but its danger is real and can be explored easily.
It was the researchers at UC Santa Barbara and Georgia Tech who discovered this new vulnerability on Android. This allows user data to be stolen, new applications installed, and device control without user knowledge.
By using the SYSTEM ALERT WINDOW (“draw on top”) and BIND ACCESSIBILITY SERVICE (“a11y”) properties, Cloak and Dagger can create an invisible layer on Android by logging all keys that are clicked on the screen and other interactions that exist.
The problem is greater because applications originating from the Play Store have these permissions accepted directly, without user intervention, and there is no control.
Google is already dealing with the problem of Android. As the tech giant Google is already aware of the problem and will also deal with it in order to resolve it in the versions that are affected.
Here is what the tech giant Google stated “We have been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer.
We have updated Google Play Protect – our security services on all Android devices with Google Play – to detect and prevent the installation of these apps. Prior to this report, we have already built new security protections into Android. That will further strengthen our protection from these issues, moving forward”.
Android will already have this issue resolved, given greater control over these permissions, but will still have to be tested to confirm. As for the other versions, the problem will still exist, even if the tech giant Google resolves it, as it has happened in previous situations.
