Cloak and Dagger Exploits Affect All Versions of Android

Researchers from Georgia Institute of Technology and UC Santa Barbara have uncovered a new Android exploit affecting all versions of the operating system. The exploit is dubbed Cloak and Dagger and is seen as a new class of potential attacks targeting Google’s mobile OS.

The Cloak and Dagger Exploits in Detail

Attacks based on Cloak and Dagger allow a malicious app to steal sensitive information while requesting only two permissions: SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”). The attacks abuse one or both of these permissions, the researchers explain.

As already mentioned, these attacks need only two permissions, and if the app is installed via the Play Store, the potential victim doesn’t need to grant them. The researchers’ user study indicates that the attacks are practical, meaning that they affect all recent versions of Android, including Android 7.1.2.

“Conceptually, ‘cloak and dagger’ is the first class of attacks to successfully and completely compromise the UI feedback loop. In particular, we show how we can modify what the user sees, detect the input/reaction to the modified display, and update the display to meet user expectations. Similarly, we can fake user input, and still manage to display to the user what they expect to see, instead of showing them the system responding to the injected input.”

Even though it is not that simple to trick users into enabling accessibility permissions, attackers can still succeed. Once the permissions are on, attackers are able to install malicious software, harvest data from installed applications, and eventually take full control of the Android device. The worst part is that the user will not be aware of what is going on in the background of their device.

“In particular, we demonstrate how such an app can launch a variety of stealthy, powerful attacks, ranging from stealing user’s login credentials and security PIN, to the silent installation of a God-mode app with all permissions enabled, leaving the victim completely unsuspecting,” the researchers note in their report.

Google Fixed the Exploits and Issued a Statement

On Google’s side, the company has already taken action against the exploit. There is also an official statement explaining its countermeasures to patch the affected versions, including Android 7.1.2, Google’s latest release.

“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward,” Google stated.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
