StrandHogg 2.0 vulnerability in Android lets hackers hijack apps to steal victims’ data
Researchers at a Norwegian cybersecurity firm have discovered a vulnerability in Android that can be exploited by malicious apps to steal user data such as passwords, files and text message conversation logs.
The vulnerability, dubbed StrandHogg 2.0, affects the 2018 Android Pie release and all earlier versions, which power about 90% of mobile devices that run on Google’s operating system. The latest Android 10 release is not affected. Hackers who manage to sneak a malicious app onto a handset could exploit StrandHogg 2.0 to place a data-stealing overlay on top of legitimate apps and intercept input entered by the user.
“By exploiting this vulnerability, a malicious app installed on a device can attack and trick the user so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen,” Promon researchers detailed in a blog post. “If the victim then inputs their login credentials within this interface, those sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.”
Login credentials aren’t the only type of data that may potentially be at risk from StrandHogg 2.0-based cyberattacks. Malware can generate a deceptive overlay when a legitimate app requests operating system permissions, say to view the user’s photos or location, and hackers can then hijack those permissions to gain broader access to the user’s data or Android installation.
StrandHogg 2.0 is named after a similar flaw in Android that was spotted last year. This latest vulnerability is believed to be more dangerous because, unlike its namesake, it can be exploited without requiring that the user grant a malicious app any operating system permissions. Moreover, it’s harder for security tools to detect.
Update you Android phone with May 2020 update , rolled out recently