A new security vulnerability has been detected that affects potentially all flavors of Android. A team called Cloak and Dagger (consisting of 4 researchers from the Georgia Institute of Technology and UC Santa Barbara) detected a new host of Android attacks with the ability to operate silently on your device, giving hackers access to your keystrokes, allow software to be installed, and operations of control without your knowledge.
In order to get full control into a device Cloak and Dagger, also the name of the exploit, only requires two permissions to be approved by the User: SYSTEM ALERT WINDOW and BIND ACCESSIBILITY SERVICE.
As you can watch in the video below, it’s pretty easy for a User to accept these permissions without them knowing. The worst part is that the exploit can take control of your device even if your screen is off, allowing them to take control when you locked your screen and leave you unable to log back on.
Google had the following to say about the exploit:
“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer,” a spokesperson says. “We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues, moving forward.”
For further information, you can read the full articles regarding how it works and why on the team’s website: