14 DAY TRIAL // According to a group of security researchers from There's a new Android Researchers from Georgia Institute of Technology and UC Santa Barbara, there's a new Android exploit in the wild, which affects all versions of Google's mobile OS.
Called Cloak and Dagger, the exploit could allow hackers to steal your information by creating a malicious app that only needs to set two permissions, namely BIND ACCESSIBILITY SERVICE ("a11y") and SYSTEM ALERT WINDOW ("draw on top"), to log keystrokes and steal your passwords and other sensitive information.
It's a fact that's not that easy to force users into enabling accessibility permissions, but skilled hackers can trick them into doing so, and once they activate both permissions, they'll be able to install software, steal data from installed apps, and basically take full control of your Android phone without you even knowing.
"In particular, we demonstrate how such an app can launch a variety of stealthy, powerful attacks, ranging from stealing user’s login credentials and security PIN, to the silent installation of a God-mode app with all permissions enabled, leaving the victim completely unsuspecting," explained the researchers in their report.
Google took the necessary steps to prevent such attacks
Shortly after the researchers made this discovery, it appears that Google immediately took action and released an official statement explaining what they did to prevent such attacks for now, which appear to affect all versions of the Linux-based Android operating system, including the latest Android 7.1.2 (Nougat) release.
"We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect - our security services on all Android devices with Google Play - to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward."
It's very likely that the next Android update will patch the exploit, but that might take a while considering how various Android versions are distributed, so it is better that you always check what apps are installed on your mobile device and what permissions are enabled. For more details on how the new exploit works, check out the videos below, courtesy of Yanick Fratantonio, one of the researchers involved in this publication.
