Researchers at the University of Santa Barbara and the Georgia Institute of Technology have discovered a vulnerability that can be exploited in a ‘Cloak and Dagger’ attack, an expression that literally translates to ‘mystery and intrigue’. The exploit could allow an attacker to take complete control of the device without the user detecting suspicious activity, all hidden under a seemingly innocent interface.
‘Cloak and Dagger’, the exploit that disguises and attacks Android undetected
‘Cloak and Dagger’ is the name of a new and dangerous kind of attack that could affect Android. We say it could because it has been discovered and recreated by researchers, but at the moment it has not occurred in a real scenario, at least not that it is known.
What makes this attack more dangerous is that you only need to activate two permissions: ‘draw on top’ and ‘ally’. The first one is automatically granted to all the apps we download from the Play Store and then the show starts.
To get access to the second permission, the attacker uses a technique called ‘clickjacking’, which consists of showing us an innocent-looking screen that hides what is really happening on the phone. In the video, you can see it in action.
The app created to demonstrate this exploit shows a screen with the Android logo that tells us that we will see a tutorial. After pressing next and then OK starts a video, but what has actually happened is that we have given permission to ‘ally’.
Once achieved, the attacker takes complete control of the terminal and can download and install a malicious application on the device. In addition, I could do it even with the phone screen off, so we would not know anything at all.
The good news is that Google is aware of this problem and have already updated Google Play Protect to prevent the entry of any application of this type. The ‘Cloak and Dagger’ attacks are expected to be out of the game with the update to Android O.