
New Android Vulnerability Lets Hackers Take Over Your Phone

This time Everything is Affected!

Yet another potentially dangerous vulnerability has reportedly been disclosed in Google's mobile operating system platform – Android.

Android has been hit by a number of security flaws this month, including:

This time the issue resides in the multitasking capability of Android phones, the ability to run more than one app at a time.

The security flaw gives hackers the ability to spy on Android smartphone owners, steal login credentials, install malware, and much more, according to the latest research conducted by researchers at the Pennsylvania State University and FireEye.

How the Attack Works


According to security researchers, the flaw could be exploited to lure a victim into unwittingly typing their login details into a spoofed user interface, controlled by a hacker, when the Android user starts an app.

The device owner won't be aware at all that they are typing their sensitive details into a malicious software program masquerading as a legit Android app.

The researchers published their research in a paper titled, "Towards Discovering and Understanding Task Hijacking in Android" [PDF], which they presented at the USENIX Security 15 conference in Washington DC last week.

The study explained in practical detail how multitasking within Android differs from multitasking within desktop operating systems, focusing on what happens when one or more apps run in one or multiple processes simultaneously, creating multiple tasks.

Multitasking in Android offers several advantages:
  • By being able to switch between the apps
  • Apps being able to maintain their state in the background
  • Easy task or app switching

Task Hijacking Attacks on Large Scale


Android's task management mechanism is exposed to severe security risks. When abused, these convenient multitasking features can backfire and enable task hijacking attacks on a vast scale.

The researchers analyzed more than 6.8 million apps from multiple Android app stores and found that the task hijacking flaw is prevalent in all apps. Since many Android apps depend on "the current multitasking design, defeating task hijacking is not easy."

The researchers also claimed that the vulnerability allows the user interface of an app to be impersonated, with the impersonating interface controlled by the attacker.

You can watch the video for a quick overview of the vulnerability.

This is just one scenario, in which the attacker mounts a phishing attack on Android users and obtains their private credentials.

Yet More to Come

There can also be instances where users fall victim to ransomware, Distributed Denial of Service (DDoS) attacks and other cyber attacks.

The five security researchers – Peng Liu and Chuangang Ren from the Pennsylvania State University, and Yulong Zhang, Tao Wei and Hui Xue from FireEye – involved in the research reported the security hole to the Android team.
"We appreciate this theoretical research as it makes Android's security stronger," said a Google spokeswoman.
You are safe, as Google said that customers are protected from hijacking and phishing attacks by Android's Verify Apps and SafetyNet features.

Also, you can keep yourself safe by installing apps only from trusted sources and taking charge of your own security.
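
For app developers, a commonly recommended hardening step against task hijacking is to set android:taskAffinity to an empty string so that an activity does not belong to a named task. The check below is an added example, not code from this article or from the researchers' paper; the sample manifest, package name and function name are constructed, and the empty-affinity mitigation is an assumption the article itself does not discuss.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (package and activity names are made up).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <application>
    <activity android:name=".LoginActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".TransferActivity" android:taskAffinity=""/>
    <activity android:name=".HelpActivity" android:taskAffinity="com.example.bank.help"/>
  </application>
</manifest>
"""

def audit_task_affinity(manifest_xml):
    """List activities whose effective taskAffinity is still a named task.

    An activity without android:taskAffinity inherits the <application>
    value, which itself defaults to the package name. Only an explicit
    empty string leaves the activity with no affinity at all.
    """
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    app_affinity = app.get(ANDROID + "taskAffinity", package)
    findings = []
    for activity in app.iter("activity"):
        affinity = activity.get(ANDROID + "taskAffinity", app_affinity)
        if affinity == "":
            continue  # opted out of affinity-based task grouping
        launcher = any(
            c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
            for c in activity.iter("category")
        )
        findings.append({"activity": activity.get(ANDROID + "name"),
                         "affinity": affinity, "launcher": launcher})
    return findings
```

Run it against a decoded AndroidManifest.xml and review the launcher and login activities it reports first, since those are the screens a spoofed interface would imitate.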
