Android Police

Articles Tagged:

clickjack

...

Recently revealed "Cloak & Dagger" Android attack uses overlays and accessibility services to deceive users

A new series of vulnerabilities in Android have been discovered by researchers at the University of California Santa Barbara and the Georgia Institute of Technology. Titled "Cloak & Dagger" this new class of vulnerabilities and attack vectors makes use of overlays and accessibility service permissions in Android. These services can potentially allow for a malicious application to perform unwanted actions, including collecting data input on the device and so-called "clickjacking." The latter term being when a user might believe they are performing one action, but another is occurring beneath a deceptive overlay.

Read More
...

Research Team Creates "Clickjack Rootkit" For Android That Can Hijack Apps, Exploit User Input

Xuxian Jiang, along with his research team at North Carolina State University, has cooked up a proof-of-concept "clickjack rootkit" which targets Android. The rootkit is unique not only in that it can function without a device restart, but also in that it targets Android's framework, not requiring deep modifications to the underlying firmware or kernel.

Clickjacking, for those unfamiliar, is a malicious technique typically used on the web to "trick" users into handing over control of their device or confidential information.

The researchers' rootkit, which can itself manipulate an infected device, works by hiding apps on a device, and redirecting app launches to said hidden apps.

Read More