Security researchers at UC Santa Barbara have found a new vulnerability in Android which affects all versions of the OS. Known as cloak and dagger attacks, the exploit allows hackers to get full control of a user’s device without getting detected. Researchers describe cloak and dagger attacks as “a new class of stealthy, and very powerful attacks”.
Cloak and Dagger attacks have the ability to fake user input so that users get tricked into seeing what they expect to see on the display. Such attacks rely on two specific permissions: the SYSTEM ALERT WINDOW and the
BIND ACCESSIBILITY SERVICE permissions. Now, this allows hackers to not only fake user inputs but also prevent the user from seeing these fake inputs from appearing on the screen, which makes them hard to detect.
“In “cloak and dagger,” the synergy of the two permissions allows an attacker to both modify what the user sees and inject fake input, all while maintaining the expected “user experience” and remaining stealthy”, said researchers in their report.
In short, skilled hackers can take full control of your Android device and remain stealthy, install malicious programs, and steal sensitive information without getting detected.
“Such an app can launch a variety of stealthy, powerful attacks, ranging from stealing user’s login credentials and security PIN to the silent installation of a God-mode app with all permissions enabled, leaving the victim completely unsuspecting,” further explained the researchers in their report.
Thankfully, Google is now aware of the Cloak and Dagger exploit and said in an official statement that a fix should soon be on its way.
“We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward,” said Google in a statement.
The issue appears to affect all versions of Google’s Android OS, including the latest Android Nougat 7.1.2 release. A fix for the same should be available in the next Android update, but it should take a while given that the vulnerability affects all versions of Android.
In the meantime, users are advised to keep a check on applications installed on their devices, as well as what permissions have been granted. For more details on how the exploits works, you can check out the video below which shows a demo of the “Invisible Grid Attack”, one of the Cloak & Dagger attacks: