Select Page

Remember Strandhogg?

A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information.

Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the wild to steal users’ banking and other login credentials, as well as to spy on their activities.

The same team of Norwegian cybersecurity researchers today unveiled details of a new critical vulnerability (CVE-2020-0096) affecting the Android operating system that could allow attackers to carry out a much more sophisticated version of Strandhogg attack.

Dubbed ‘Strandhogg 2.0,’ the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system—which, unfortunately, is running on only 15-20% of the total Android-powered devices, leaving billions of rest of the smartphones vulnerable to the attackers.

StrandHogg 1.0 was resided in the multitasking feature of Android, whereas the new Strandhogg 2.0 flaw is basically an elevation of privilege vulnerability that allows hackers to gain access to almost all apps.

As explained before, when a user taps the icon of a legitimate app, the malware exploiting Strandhogg vulnerabilities can intercept and hijack this activity/task to display a fake interface to the user instead of launching the real application.

However, unlike StrandHogg 1.0 that can only attack apps one at a time, the latest flaw could let attackers “dynamically attack nearly any app on a given device simultaneously at the touch of a button,” all without requiring a pre-configuration for each targeted app.

images from Hacker News