New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

2020-05-26 07:40

A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information.

The same team of Norwegian cybersecurity researchers today unveiled details of a new critical vulnerability affecting the Android operating system that could allow attackers to carry out a much more sophisticated version of Strandhogg attack.

Dubbed 'Strandhogg 2.0,' the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system-which is running on only 15-20% of the total Android-powered devices, leaving billions of rest of the smartphones vulnerable to the attackers.

StrandHogg 1.0 was resided in the multitasking feature of Android, whereas the new Strandhogg 2.0 flaw is basically an elevation of privilege vulnerability that allows hackers to gain access to almost all apps.

Unlike StrandHogg 1.0 that can only attack apps one at a time, the latest flaw could let attackers "Dynamically attack nearly any app on a given device simultaneously at the touch of a button," all without requiring a pre-configuration for each targeted app.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/kQwAPy4FPgM/stranhogg-android-vulnerability.html

#android #phone

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Android		4	0	17	2	0	19
Billion		4	1	0	2	7	10