【】TopicsAndroidCybersecurity

  发布时间:2025-05-09 17:56:08   作者:玩站小弟   我要评论
Most malware requires some form of active user interaction in order to infect a device -- a click on 。

Most malware requires some form of active user interaction in order to infect a device -- a click on a link in a phishing email, or the installation of software from an unverified source. 。

But a new type of attack, dubbed Cloak and Dagger, can basically take over your Android phone without your (conscious) help. Worse, no major version of Android is safe at this time.。

SEE ALSO:Whoops. Millions of Android phones are wide open to hackers。

Described by a team of researchers from the University of California and the Georgia Institute of Technology, Cloak and Dagger relies on the way Android UI handles certain permissions. 。

If an app is downloaded from Google's Play Store, researchers claim, it is automatically granted the SYSTEM_ALERT_WINDOW permission, aka "draw on top." You've likely seen this permission in action -- it's used by Facebook's chat heads, which float over other content on your screen.。

Mashable Games

This can be used to hijack the user's clicks and lure her into giving the app another permission, called BIND_ACCESSIBILITY_SERVICE or a11y, which can be used for stealing your passwords and pins, for example. 。

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter. 。By signing up you agree to our Terms of Use and Privacy Policy. 。

Thanks for signing up!。

A hacker that combines both these vulnerabilities could silently install a "God-mode" app with all permissions enabled, including access to your messages and calls. 。

Even though a lot of this is intended behavior and not an actual exploit, it can definitely be used to take over someone's device. The researchers claim they tested it on 20 human subjects, none of which had realized what was going on. 。

The one thing that protects users right now is the fact that to do all this, the malicious app must be downloaded from Google's official Play Store, meaning that it has to pass Google's security checks. But from past examples we know it's definitely possible for malicious hackers to slip in a malware-infested app into Play Store. 。

"It is trivial to get such an app accepted on the Google Play Store."。

"A quick experiment shows that it is trivial to get such an app accepted on the Google Play Store," the researchers claim. "We submitted an app requiring these two permissions and containing a non-obfuscated functionality to download and execute arbitrary code (attempting to simulate a clearly-malicious behavior): this app got approved after just a few hours (and it is still available on the Google Play Store)," they wrote.。

While Google has partially fixed the issue in the latest version of Android (7.1.2), the researchers claim it's still fully possible to take advantage of the vulnerabilities described above. According to the researchers, these aren't "simple bugs" but "design-related issues," meaning it will take more time to fix them; moreover, Google considers some of these issues as features, and does not currently plan to fix them.。

To protect their devices, the only thing users can do right now is check which apps have access to the "draw on top" and a11y permissions. The steps to do this vary in different versions of Android; they are listed here.。"We've been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer.  We have updated Google Play Protect -- our security services on all Android devices with Google Play -- to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward," a Google spokesperson told。


Mashable.。

Mashable.。

Featured Video For You。TopicsAndroidCybersecurity 。
  • Tag:

相关文章

  • MashReads Podcast: What makes a good summer read?

    Summer is coming to a close and that means one thing -- last-minute vacations!。SEE ALSO:'Ice Cream B
    2025-05-09
  • 美極辣汁三文魚的做法

    現在美食節目盛行,相信你在電視前麵肯定豔羨不已 。那麽下麵就給大家介紹一道美極辣汁三文魚 ,自己根據下麵的步驟 ,自己一定要嚐試做一下。1.魚洗幹淨用少許鹽、胡椒粉醃片刻。2.12薑切片蔥切段 。3.21辣醬
    2025-05-09
  • 蛋包番茄奶酪火腿的做法

    養生的方法很多 ,而最簡單的就要數飲食養生了。下麵 ,小編就來給大家介紹一下關於蛋包番茄奶酪火腿這道菜的做法。1.準備好雞蛋 、番茄 、火腿和奶酪2.將番茄、火腿切成丁 ,雞蛋打散 ,加少量鹽3.在平底鍋倒入少量
    2025-05-09
  • 薄荷煉乳蘋果排的做法

    怎麽樣才算是做出健康的美食呢?我想至少得自己做。下麵,就讓我來為大家介紹下有關薄荷煉乳蘋果排這道菜的做法。1.12紅富士蘋果一個2.21把蘋果削去外皮3.1把蘋果圈沾上麵粉4.2切成圓圈5.再把沾勻麵
    2025-05-09
  • Whyd voice

    Amazon's Echo made controlling music with your voice easy-peasy, but its sound quality could be a lo
    2025-05-09
  • 薄荷煉乳蘋果排的做法

    怎麽樣才算是做出健康的美食呢?我想至少得自己做  。下麵,就讓我來為大家介紹下有關薄荷煉乳蘋果排這道菜的做法。1.12紅富士蘋果一個2.21把蘋果削去外皮3.1把蘋果圈沾上麵粉4.2切成圓圈5.再把沾勻麵
    2025-05-09

最新评论