
Android ‘Cloak and Dagger’ exploit adds overlays and even allows malicious, silent God-mode app installs

After Cloak and Dagger overrides the required permissions, it can mask itself over another app's interface, and thus app permissions could be changed without the user being aware of it.


Researchers at the University of California Santa Barbara and the Georgia Institute of Technology have discovered a new batch of Android exploits that operate silently in the background. Researchers call this exploit ‘Cloak and Dagger’ due to its incognito behavior. The exploit is believed to operate on a system without the user even knowing about it.

Cloak and Dagger requires only two permissions on an Android device. First, it exploits System Alert Window to create overlays, drawing on top of other running apps. Second, it overrides the Bind Accessibility Service permission, which is originally meant for visually impaired Android users. Users need not explicitly grant these permissions while installing an app on their Android device. The exploit affects not only previous Android versions but the current one too, including Android Nougat 7.1.2.

Clickjacking is what this exploit can make users fall for. How does that work? After Cloak and Dagger overrides the required permissions, it can mask itself over another app's interface, and thus app permissions could be changed without the user being aware of it. This means that once Cloak and Dagger gets onto an Android device, it can acquire the ‘Bind Accessibility Service’ permission by drawing itself on top.
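As an added example (not from the researchers or the original article), the Python sketch below triages decoded `AndroidManifest.xml` files for the permission pair described above, using the platform identifiers `SYSTEM_ALERT_WINDOW` and `BIND_ACCESSIBILITY_SERVICE`. It assumes the manifest has already been decoded to text XML (for example with apktool); the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def audit_manifest(xml_text):
    """Report whether a decoded manifest combines overlay and accessibility access."""
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(e.get(ANDROID + "name") for e in root.iter(tag))
    # An accessibility service is a <service> protected by BIND_ACCESSIBILITY_SERVICE.
    services = [s.get(ANDROID + "name") for s in root.iter("service")
                if s.get(ANDROID + "permission") == A11Y]
    overlay = OVERLAY in requested
    return {"package": root.get("package"), "overlay": overlay,
            "accessibility_services": services,
            # The pair is a reason for manual review, not proof of malice.
            "needs_review": overlay and bool(services)}

def _manifest(package, overlay, a11y_service=None):
    """Build a constructed sample manifest (hypothetical helper for this example)."""
    perm = f'<uses-permission android:name="{OVERLAY}"/>' if overlay else ""
    svc = (f'<service android:name="{a11y_service}" android:permission="{A11Y}"/>'
           if a11y_service else "")
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{perm}<application>{svc}</application></manifest>')

# Constructed samples: both permissions, overlay only, accessibility only.
SAMPLES = [
    _manifest("com.example.flashlight", True, ".HelperService"),
    _manifest("com.example.chatheads", True),
    _manifest("com.example.screenreader", False, ".ReaderService"),
]

def triage(manifests):
    """Return the packages that declare both capabilities."""
    return [r["package"] for r in map(audit_manifest, manifests) if r["needs_review"]]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_manifest(sample))
```

Only the first constructed sample is flagged; an app with just an overlay or just an accessibility service is reported but not marked for review.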

According to Cloak-and-Dagger.org, the exploit can lead to clickjacking, keystroke recording, phishing and other silently operating background threats. The portal also notes that these attacks are mostly due to design issues, and it is scary to know that no fix has yet been made to the two vulnerabilities in the Android interface.

 

Google has responded to the Cloak and Dagger attacks and in a statement to Engadget, it said, “We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues, moving forward.”

While Google claims the upcoming Android O is a safer Android OS than ever, it is worth noting that it won’t be rolled out to a major chunk of devices. Researchers claim that they were able to get malicious apps approved on the Google Play Store, and thus the loophole persists. We therefore recommend that users download and install apps from trusted sources only and grant their apps only the necessary permissions.