Today Android users were warned to be on their guard after a major vulnerability was discovered in the operating system that could be used to gain access to login information. The glitch was discovered by our partners in Lookout and is known as StrandHogg.
The attack exploits a weakness in Android’s multitasking system that allows malicious apps to pretend to be a legitimate app on the device. It also allows attackers to create a fake version of a login screen, enabling it to harvest confidential login credentials.
What Should You Do?
People should immediately audit and check that all apps and systems on their device are up to date and check for suspicious login attempts – but without MTD installed you can only hope to gain sight of a breach and carry out some damage control.
If you’re reading this and thinking that surely a security patch would be a smart measure for Google to roll out you should bear in mind the following, says Colm Warner our Customer Success Manager: “Security patches alone are not enough to protect devices without MTD layers also installed.
The other thing to note is the turnaround times on a patch -even if Google released a patch today it could still take up to 90 days to reach the current handsets, and older handsets may not ever get it at all.
The only thing that can adequately defend against attacks like this is a correctly installed Mobile Threat Defence (MTD) system on mobile devices. Thinking logically about it, you would never deploy a laptop to an employee without first installing some level of protection, so why are the mobile devices-which are going out to unsecured carrier networks any different? In many cases, the mobiles have access to the same data a laptop does, but with none of the same protections.”
If you’re looking for some more information on how to start protecting your mobile estate, a good starting point is our free guide ‘9 Things a Company Should Know About Mobile Security’
How does it all work?
The vulnerability affects all versions of Android, including the newest release, Android 10, and does not require root access.
There are two main ways this app can exploit the devices: a malicious app could pretend to be a legitimate one and ask users to grant permission to access data on the device, or it could run an attack that would display a fake version of an app on a user’s screen when the icon of a legitimate app is clicked.
Users affected by StrandHogg would likely be unaware they had been hit by the vulnerability. Apps that exploit StrandHogg can eavesdrop on users through the microphone, access text messages, contacts, phone logs and files on the smartphone, take photographs, record phone calls and gain access to the location or GPS data. The only definitive recourse and defence available is to install an MTD solution.
Approaching 2020, the time to act on mobile threats is now – contact us today if you would like to explore options to protect your mobile estate in the new year.