Security researchers have discovered a critical flaw in the MediaProjection service in Android devices. The Android MediaProjection flaw allows attackers to capture the user's screen and record system audio without the user's consent. All Android smartphones running Lollipop, Marshmallow, and Nougat are vulnerable to this attack.

Before Android Lollipop (5.0), applications had to be signed with the device's release keys and needed root access to use this service. However, in Android Lollipop (5.0) Google opened the service to everyone, and an application needed no permission to access it.

Security researchers from MWR Labs said that “To use the MediaProjection service, an application would simply have to request access to this system Service via an Intent. Access to this system Service is granted by displaying a SystemUI pop-up that warns the user that the requesting application would like to capture the user's screen.”

An attacker can easily cover the SystemUI pop-up that warns the user with an overlay showing an arbitrary message, and so trick the user into granting the attacker's application the ability to capture the user's screen and record audio.

Researchers said that the primary cause of this vulnerability is that affected Android versions are unable to detect partially obscured SystemUI pop-ups. This flaw allows attackers to draw an overlay over the SystemUI pop-up and capture the user's screen.

“Furthermore, the SystemUI pop-up is the only access control mechanism available that prevents the abuse of the MediaProjection service. An attacker could trivially bypass this mechanism by tapjacking this pop-up using publicly known methods to grant their applications the ability to capture the user’s screen,” says the report published by MWR Labs.

However, the attack is not entirely undetectable, because a screencast icon is shown in the notification bar whenever the attacker tries to capture the screen and record audio. The vulnerability has been patched in Android Oreo (8.0), but other versions are still vulnerable to this attack.
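
The root cause named above, a confirmation prompt that cannot tell it is partially obscured, also matters for any app that shows its own consent button. As an added example (not code from the MWR Labs report or from the Android fix), the sketch below is a button that refuses taps while an overlay covers its window; the class name `ObscuredAwareButton` is hypothetical, and it protects only the app's own views, not the SystemUI pop-up on affected versions.

```java
// Added example: a confirmation button for an app's own sensitive dialog
// that drops touches delivered while another window is drawn on top.
// "ObscuredAwareButton" is a hypothetical name used for illustration.
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Button;

public class ObscuredAwareButton extends Button {

    public ObscuredAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Framework filter: discards touches when a window from another
        // app covers the exact point being touched.
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();

        // Set when an overlay covers the touched location itself.
        boolean obscured =
                (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;

        // API 29+ also reports overlays that cover some other part of the
        // window, e.g. one hiding the warning text but leaving the button
        // exposed. Older releases do not deliver this flag at all.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            obscured |=
                    (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
        }

        if (obscured) {
            // Returning false tells the framework to drop the event, so the
            // click listener never fires while the view is covered.
            return false;
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

On releases older than API 29 only the fully-obscured check applies, so a partial overlay that leaves the button itself uncovered is not detected there.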