Our smartphones store so much of our information and data, and security has become a paramount importance to safeguard our credentials. Cyberattacks on mobile phones are increasing each day and with mobile apps collecting large amounts of data which they store on the cloud the devices are now even more exposed to more attacks and vulnerability. Speaking about one such attack, Cloak and Dagger a new ‘class’ of potential attacks has cropped up which is affecting several Android devices. The new attack has been uncovered by researchers at Georgia Institute of Technology.
With cyber attacks on smartphones becoming a major threat, the security features offered by various OS is often debated. iOS, for instance, is a proprietary operating system that is controlled by Apple and has a standard approach to security. Android meanwhile operates with an open source code. Although the Android platform is said to have multiple layers of protection to secure a device it is more susceptible to malware attacks compared to other mobile OS. The reason being Android is run on many different devices and not all of these support the latest version of Android OS.
What is Cloak and Dagger attack?
These attacks allow a malicious app to control the UI ‘feedback loop’ without giving any chance to the user to notice the malicious activity. The Cloak and Dagger attack instead of exploiting any vulnerability in Android ecosystem, abuses a pair of ‘legitimate app permissions’ which are used in most of the applications to gain access to features on an Android device. These attacks silently take full control of the device and allow hackers to steal confidential information for instance device PIN, online account passwords and even contacts. These attacks affect all the version of Android including the latest Android 7.1.2 Nougat.
Cloak and Dagger attack uses two basic Android permissions
SYSTEM_ALERT_WINDOW (“draw on top”)
The “draw on top” permission basically overlay apps on a device screen and top of other features. The “a11y” is designed to make is possible for people with disabilities such as visual impairment, hearing loss to access and enter inputs using voice commands etc.
The researchers explained, “If the malicious app is installed from the Play Store, the user is not notified about the permissions and she does not need to explicitly grant them for the attacks to succeed. In fact, in this scenario, “draw on top” is automatically granted, and this permission is enough to lure the user into unknowingly enable a11y (through click jacking). The possible attacks include advanced click jacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off).”
Evidently, the researchers performed a ‘user study’ on 20 people and none of them could detect these malicious attacks. They have even provided videos that demonstrate a series of Cloak and Dagger attacks.
University researchers have disclosed this new attack to Google. Yanick Fratantonio, one of the author, however, noted that “changing a feature is not like fixing a bug”. According to him, system designers should think more about how seemingly ‘unrelated’ features could interact.
Google has planned to bring changes in its policy on the newest OS version ‘Android O’ but since several devices are still to receive the Android Nougat from their respective OEMs, there is a fair chance that many Android users might fall prey to these malicious attacks. Mobile malware is difficult to dismiss, so users are recommended to look at least for the app store reviews before installing an app and download apps only from verified developers.