The Latest in IT Security

Android Focus Stealing Vulnerability

10 Aug 2011

Android allows an application to bring itself to the foreground, or to become active, while the user is working in another application. Because Android’s SDK allows apps to be pushed to the foreground in this way, Android also lets users dismiss and override the behaviour by hitting the back button. Many security applications use this feature for application control or for locking the phone.

An attacker can abuse this feature by creating a fraudulent application whose pop-up replaces the standard log-in screen of a bank app or social networking app and collects the user's information. The screen would blip so fast that users wouldn’t even notice that the original log-in had been replaced by the fake pop-up.

Hackers at the DefCon conference exposed this design flaw in the Android operating system, which criminals could exploit to phish for customer data or to push pop-up ads to smartphones.
A normal user cannot identify such applications from the “permissions required” list displayed at installation time, because coming to the foreground is a legitimate function for an application.

According to Google, it has not seen any apps maliciously using this technique on Android Market, and it will remove such apps if found.
Users have to be careful, as attackers could post apps much faster than Google could identify and remove them from the Market.
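
The fast screen replacement described above leaves a timing trace that a monitoring tool can look for: a log-in app loses the foreground to an unrelated package within a fraction of a second. The following is an added example, not code from the original post; the event format, package names, trusted list and 500 ms window are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed, simplified foreground-change records: (timestamp in ms, package
# now in the foreground). Assumed format for illustration, not real Android logs.
SAMPLE_EVENTS = [
    (1000, "com.example.launcher"),
    (5000, "com.example.bank"),        # user opens the banking app
    (5180, "com.example.flashlight"),  # unrelated app takes over 180 ms later
    (60000, "com.example.launcher"),
    (65000, "com.example.social"),     # user opens the social app
    (95000, "com.example.launcher"),   # user goes home after 30 s: normal
]

WATCHED = {"com.example.bank", "com.example.social"}  # apps with log-in screens
TRUSTED = {"com.example.launcher"}  # home screen, or a phone-lock/app-control tool
WINDOW_MS = 500                     # assumed threshold for "too fast to be the user"


@dataclass(frozen=True)
class Finding:
    at_ms: int
    victim: str
    intruder: str
    gap_ms: int


def find_focus_steals(events, watched=WATCHED, trusted=TRUSTED, window_ms=WINDOW_MS):
    """Flag a watched app losing the foreground to an untrusted package within window_ms."""
    findings = []
    ordered = sorted(events)  # order by timestamp
    for (t_prev, prev_pkg), (t_cur, cur_pkg) in zip(ordered, ordered[1:]):
        if prev_pkg not in watched or cur_pkg == prev_pkg:
            continue  # only transitions away from a watched app matter
        if cur_pkg in trusted:
            continue  # legitimate users of the feature, e.g. a lock screen
        gap = t_cur - t_prev
        if gap <= window_ms:
            findings.append(Finding(t_cur, prev_pkg, cur_pkg, gap))
    return findings


if __name__ == "__main__":
    for f in find_focus_steals(SAMPLE_EVENTS):
        print(f"{f.at_ms} ms: {f.intruder} replaced {f.victim} after {f.gap_ms} ms")
```

The trusted set matters because, as noted above, security applications use the same foreground behaviour legitimately; without it every phone-lock app would be flagged.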
