University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone.
The discovery was made by researchers at Georgia Institute of Technology, who call the research Cloak and Dagger. It involves two Android features and permissions called System Alert Window and Bind Accessibility Service.
“If a malicious app is installed from the Play Store, the user is not notified about the permissions and she does not need to explicitly grant them for the attacks to succeed,” wrote researchers in a paper (PDF) scheduled to be presented today at the IEEE Security and Privacy Symposium in San Jose, Calif.