A new Android exploit has been discovered which tricks users into recording the contents of their screen. The exploit has been discovered by MWR InfoSecurity and it’s present on Android versions 5.0 to 7.1. As previously mentioned, it tricks users into recording their device’s screen without them actually knowing about it.
The exploit relies on Android’s MediaProjection framework that was introduced with Android 5.0 Lollipop. The framework gives developers the ability to capture the device’s screen and record audio. Prior to this version of Android, screen recording apps required root privileges or special keys.
An app that uses the MediaProjection framework normally requests access to it through an intent that pops up on the display. It’s only after that does the framework allow the app to record screen content. The exploit enables attackers to overlay a normal pop up over the MediaProjection intent.
This method can thus be used to trick the user into giving the app permission to record the screen even though the pop up might be telling them something else entirely.
This remains a serious risk for Android smartphones as the exploit has only been patched in Android 8.0 which isn’t out for most devices as yet. Almost 77 percent of active Android devices are vulnerable to this exploit.
Google is yet to confirm when it’s going to roll out a patch for them. In the meantime, just be careful about the apps that you download.
Filed in . Read more about Android. Source: labs.mwrinfosecurity