Tuesday, 30 May 2017 13:12

Android WARNING - Hackers can record EVERYTHING you do and Google will struggle to stop it


A TERRIFYING new malware attack – that enables hackers to silently take control of your smartphone and siphon private data – can be used on all versions of the Android operating system, researchers have sensationally claimed.

Cybercriminals can record EVERYTHING you do on your Android phone

A catastrophic new cyberattack has been uncovered – and it affects all versions of the Android operating system up to version 7.1.2, researchers at Georgia Institute of Technology have claimed.

Worst of all, Google will struggle to stop this latest attack, due to the way it infiltrates your Android device's permissions, the researchers added.

Dubbed Cloak and Dagger, the terrifying new attack allows hackers to silently take control of your smartphone and steal private data, including every keystroke, chats, PIN code, online account passwords, contacts, and more.

Cloak and Dagger doesn't exploit any specific vulnerability in the Android operating system.

Instead, the clever new attack abuses legitimate app permissions that are widely-used by legitimate apps to access certain features on an Android device, researchers have claimed.

Hackers have to use two permissions to initiate the attack.

The first permission, known as "Draw On Top", is a legitimate permission that allows applications to overlap on the screen as well as on top of other apps.

The second, known as "a11y", is designed to help visually impaired Android users, allowing them to enter data with voice commands, or listen to content on-screen using a screen reader feature.

According to the findings from Georgia Institute of Technology, a malicious app submitted to the Google Play Store could exploit these legitimate app permissions to allow hackers access to your Android smartphone.

Once the malicious app is installed on a device, hackers can make a record of every keystroke you type, install other applications without your knowledge, and silently unlock the device without waking the screen.

Cybercriminals would be able to spy on every activity you do on your phone.

Hackers can silently take control of your phone and steal private data, including keystrokes, chats and more

Researchers have published a number of video demonstrations of the Cloak and Dagger attacks – and it's a little terrifying.

Unfortunately, it's not going to be easy for Google to protect users against this type of attack.

According to Yanick Fratantonio, the Georgia Institute of Technology paper's first author, "changing a feature is not like fixing a bug.

"System designers will now have to think more about how seemingly unrelated features could interact. Features do not operate separately on the device."

Google is set to change the policy around the "Draw On Top" permission with Android 8.0, which is .

That should stop the Cloak and Dagger attack, researchers have highlighted.

However, the next version of Android will take a long time to roll out to users.

Google recently revealed that "About half of devices in use at the end of 2016 had not received a platform security update in the previous year".

Yes, that's right. "About half" of all Android devices did not get a single security update in the last year.

The Android Security Year in Review highlights a number of improvements in the Android ecosystem

That's not good news – especially when coupled with the latest findings from the Georgia Institute of Technology.

Unlike iOS software updates, which are rolled out simultaneously to all compatible devices by Apple itself, Google hands over its software updates to individual device manufacturers, dubbed OEMs.

Unfortunately, a worrying number of these manufacturers are slow to adopt operating system updates and critical security patches. 

Google is well aware of the problem, and has desperately been looking for a solution for years.

The California-based company even considered a plan to publicly name and shame mobile carriers and device makers that drag their feet with important updates.

Thankfully, there is a workaround.

According to technology blog The Hacker News, the best way to disable the Cloak and Dagger attacks in Android 7.1.2 is to manually turn off the "Draw On Top" permission.

Head to Settings > Apps > Gear symbol > Special access > Draw over other apps.

Another precaution is to only download applications from trusted and verified developers on the Google Play Store.

Source: This article was published on express.co.uk by AARON BROWN

