A new Android bug has recently been discovered by Promon, a Norwegian infosec firm. They named the bug Strandhogg 2.0. It is an ‘evil twin’ of Strandhogg but, unlike its predecessor, it is far more dangerous. A malicious application leveraging this vulnerability is very hard to detect. This Android bug can allow attackers to steal data from your device without you noticing, and without you granting any special permissions to the malicious app.
How does the Android bug work?
But how does this vulnerability let a malicious app take control of your device and steal data? Let us first look briefly at what it does, and then I will explain what exactly happens behind the scenes.
This type of vulnerability is generally known as EoP (privilege escalation). As the name suggests, the harmful application manipulates the user’s trust. The attacker can hijack legitimate applications and replace them with its own malicious content, and the vulnerability doesn’t require any permission or root access whatsoever. In the worst case, this tricks the user into believing they are interacting with the real application. This Android bug has fatal consequences because any application can steal data without any special permission.
Now that you understand how it works on the surface, here is how the bug might open a door for an attacker. You install the malicious app without knowing that it is malicious. You launch the application at least once. Now everything is in favor of the malicious app to exploit the vulnerability. From that moment on, the malicious application will inject itself whenever you launch its target. The target may be Gmail, Facebook, Messenger and so on.
Here is a proof of concept provided by the firm, Promon.
How to avoid possible data / credential theft?
Now that you’ve learned about the bug / vulnerability, I’m glad that at least this thought crossed your mind. Here is a list of things you can do to avoid being a victim of this bug. They are not ways to get rid of a possible attack, but they do help you stay cautious.
- Avoid downloading unverified app(s) from the internet
- Use only the Play Store or another trusted marketplace
- Make sure to cross-check an application if it looks sketchy / new
- Scan your phone for unwanted / unrecognized applications from Settings
What can you do if you are already a victim of this Android bug?
It is very unlikely that you are affected by a malicious application that exploits this vulnerability. But if you are affected, there isn’t really much you can do about it. However, you can control the accounts that you have online. What do I mean by controlling accounts? I mean that you should change your login credentials, PINs, etc. Whether it is banking or social network credentials, routinely updating your credentials is always a good thing. Here is a list of obvious things to do if you’re affected by any type of attack.
- Uninstall all apps or even erase your device completely
- Change credentials for the apps used on your smartphone
- Change your banking details (PINs, passwords)