Android security vulnerability demonstrated by ‘clickjacking’

Mar

8

2016

A security company has explained in detail how attackers could take over an Android device by placing a layer of the interface through which users actually click somewhere else than they think. This allows all kinds of permissions can be turned on.

The method was invented by the company Skycure who gave a demonstration video. On his blog suggests the security company that malware authors an app such as a game, can used in the background of clicks to do other things than the user intended. That is because it is possible to lay a shell around the operating system; this graphic overlay it seems as though the user clicks in the game, while there are all sorts of settings, for example, turned on in the background. This is also called “clickjacking”.

Skycure demonstrated the technology during a presentation at the RSA Conference, a security conference held in San Francisco. By users to play a game where you need to click on specific places on the screen, the researchers were able to gain access to the ‘Accessibility Services, an API that can appeal to developers to make applications more suitable for users with disabilities. One example is Google TalkBack, which is designed for blind or visually impaired people.

The malicious app to gain access to the Accessibility Services is among other things possible to collect personal information, such as from email and other messages. Although so here is an example of Skycure, there are examples of malware that use such clickjacking methods. Vulnerability to such attacks is according Skycure in Android versions 2.2 to 4.4. Although it thus comes to older versions of Android, continues to rotate for a large part of the users this software.

Viewing:-138

In: Technology & Gadgets Asked By: [15229 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »