Critical Android flaw lets attackers hijack almost any app, steal data

Left unpatched, the vulnerability could expose almost all Android users to the risk of having their personal data intercepted by attackers



Researchers have found a critical flaw that affects nearly all devices running Android 9.0 or older, which implies that over 90% of Android users could be vulnerable. If exploited, the security hole allows hackers to hijack almost any app and steal victims’ sensitive data, according to researchers at Promon, who uncovered the vulnerability and dubbed it StrandHogg 2.0.


The good news is that malware exploiting the vulnerability has not been observed in the wild. Importantly, Google provided a patch to Android device makers in April 2020, with the fix – for Android versions 8.0, 8.1 and 9.0 – being rolled out to the public as part of the latest assortment of monthly security updates throughout this month. Promon notified Google about the vulnerability in early December 2019.


Indexed as CVE-2020-0096, the elevation of privilege flaw resides in the Android system component and can be abused through a method called reflection that allows malicious apps to impersonate legitimate applications while the victim is none the wiser. As a result, once a malicious app is downloaded and installed on a vulnerable device, an attacker could steal the victim’s access credentials, record conversations, track their movements via GPS, or access stored data such as photos or messages.


Let’s say a malicious app sneaks into your device and you click on a legit app that requires yo ..
