3. The 'Cloak & Dagger' Attack That Bedeviled Android For Months

The 'Cloak & Dagger' Attack That Bedeviled Android For Months

The main Cloak & Dagger attacks affect all recent versions of Android, up to the current 7.1.2. They take advantage of two Android permissions: one, known as SYSTEM_ALERT_WINDOW,which allows apps to display overlay screens for things like notifications, and one called BIND_ACCESSIBILITY_SERVICE, a permission for accessibility services that allows tracking and querying of visual elements displayed on the phone. These permissions can be abused individually, or in tande.

When you download apps from Google Play that request the System Alert overlay permission, Android grants it automatically, no user approval required. That means malicious apps that ask for that permission can hide ill-intentioned activity behind innocuous-looking screens. For example, the app can request a permission that the user must approve, but cover that request notification with another screen that asks for something innocent, leaving a hole in the cover screen for the real “Accept” button. This type of bait and switch is a version of an attack known as “click-jacking.”

/r/Android Thread Link - ired.com
Previous
Next

Recently removed from /r/Android

[Louis Rossman] I was wrong about Samsung Daily Superthread (Nov 30 2022) - Your daily thread for questions, device recommendations and general discussions! Dimensity 9200 tops current mobile GPUs in early GFXBench test, even the Apple A16 The SIM card as we know it is as good as dead Google Pixel 6a Review: A Refreshing $449 Phone Sunday Rant/Rage (Jul 17 2022) - Your weekly complaint thread! Samsung has staggering 50 million smartphones in stock Daily Superthread (Apr 12 2022) - Your daily thread for questions, device recommendations and general discussions! Samsung Expands Customer-First Care Experience with New Self-Repair Program Maybe It’s Time We Let Nokia Phones Die Google Infringed on Speaker Technology Owned by Sonos, Trade Court Rules Google Power Abuse Prevention Act has been passed in Korean national assembly Camera shootout: Samsung Galaxy S21 Ultra vs iPhone 12 Pro Max What should I buy Thursday (Feb 04 2021) - Your weekly device inquiry thread! Samsung is the King of Android Updates

More Random Comments

The Hunt for Red Jenny ELI5: Why do we continue reading while we are thinking about something other than what we are reading? Is anyone watching the Stanford lectures (CS193p) and doing the assignments? The real culprit Zed match-up questions: vs. Yasuo/Leblanc [WP] From birth, everybody has a word imprinted on their left arm. This is the last word they will ever say. I am 20 years old, $70k in debt and make about $24,000 a year. What can I do? What is the worst/best cockblock you have ever given, gotten, or witnessed? What's something that your SO does that you know about, but they don't know you know? TIL Weird Al turned down $5 million, in the late 80s, to endorse a beer company. He thought it was ethically wrong because, "a lot of his fans were young and impressionable." Lets talk raid leading and being a productive raid member Some of your favorite soundtracks to listen to while playing WarFarm First seizure ever, Went to doctor, questions unanswered Microsoft pulls the plug on its last Windows RT tablet Opinions on heel hooks in BJJ