This would let the attacker capture user’s screen.Īndroid Smartphones Plagued with Bug that Lets Attacker Capture Screen and Record Audio The reason why this vulnerability is threatening is that the affected android versions cannot identify obscured SystemUI pop-ups allowing an attacker to create an app that draws an overlay upon the pop-up and elevate the privileges of the app. Access to this system Service is granted by displaying a SystemUI pop-up that warns the user that the requesting application would like to capture the user’s screen,” explained MWR researchers. “To use the MediaProjection service, an application would simply have to request access to this system Service via an Intent. ![]() Android malware developers have relied upon this particular technique for years, and still, it works. Researchers at MWR Labs opine that an attacker can detect when this prompt would be shown and the trigger an arbitrary prompt and the content would be disguised with another message using a technique called tap-jacking. Now, the apps can access this service through an intent call that would display SystemUI prompt warning users when the app would capture the screenshot and record system audio, noted BleepingComputer. ![]() This is why the use of this service is limited to system level apps only.īut when Android Lolipop 5.0 was released, Google made this service open to everyone but did not secure it with the requirement of permission from the users. Since a majority of Android devices nowadays have these three versions of the OS, therefore, around 77.5% of the Android devices are at risk.Īndroid’s MediaProjection service has existed since long, but apps needed root access and signed up with the release keys of the device in order to use the service. ![]() The service is designed to capture user’s screen and record system audio. If your Android smartphone has Lolipop, Nougat or Marshmallow, then there is every reason for you to feel alarmed because the MediaProjection service can be exploited due to a critical flaw.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |