Skip to main content

Posts

Featured

Millions of Android devices potentially exposed to the Cloak and Dagger attack

Security researchers at Georgia Institute of Technology have  discovered  a new attack, dubbed ‘Cloak and Dagger’, that allows taking full control of Android devices. The  ‘Cloak and Dagger’ attack works against all versions of Android, up to version 7.1.2, it doesn’t exploit any vulnerability in Android OS, instead, it leverages a pair of legitimate app permissions that is being widely used in popular applications to access certain features on an Android device. Cloak and Dagger attacks abuse the following basic Android permissions: SYSTEM_ALERT_WINDOW (“draw on top”) – is a legitimate overlay feature that allows apps to overlap on a device’s screen and top of other apps. BIND_ACCESSIBILITY_SERVICE (“a11y”) – is a permission designed to help disabled users, allowing them to enter inputs using voice commands, or listen content using screen reader feature. “Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicio

Latest posts

Top 100 games