Select Page

Android exploit adds secret, thieving layers to your phone

Researchers from UC Santa Barbara and Georgia Tech have discovered a fresh class of Android attacks, called Cloak and Dagger, that can operate secretly on a phone, allowing hackers to log keystrokes, install software and otherwise control a device without alerting its owner. Cloak and Dagger exploits take advantage of the Android UI, and they require just two permissions to get rolling: SYSTEM ALERT WINDOW (“draw on top”) and BIND ACCESSIBILITY SERVICE (“a11y”).

This concerns researchers because Android automatically grants the draw-on-top permission for any app downloaded from the Play Store, and once a hacker is in, it’s possible to trick someone into granting the a11y permission. A Cloak and Dagger-enabled app hides a layer of malicious activity under seemingly harmless visuals, luring users to click on unseen buttons and keystroke loggers.

 

Download your "Special Report on Passwords and Password Security"

You have Successfully Subscribed!

The Next Masterclass is Coming Soon!

Fill out the form below and be notified as soon as the registration for the next Masterclass opens.

Thank you, we'll notify you as soon as the Masterclass registration opens!