Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Tuesday, 03 December 2019 / Published in Woo on Tech

Exploited Android Vulnerability Still Not Patched

Android in the crosshairs again

Since Android OS version 6, the widely used smart phone platform has been vulnerable to an exploit of a feature that Google touts as a competitive advantage over its chief competition – multitasking. Without getting down into the technical weeds, the vulnerability takes advantage the operating system’s inherent ability to do multiple things at once, allowing malicious apps to impersonate a legitimate, trusted app on your phone while asking for permissions that it will then use to invade your privacy and steal data.

Surely Google Play’s security scans will stop this?

Despite being documented as far back as 2015, Google has continued to downplay the security loophole even though up to the time of the article’s publication, 36 different apps were available on the Play Store that were identified as exploiting the weakness, dubbed StrandHogg, and apps exploiting this “overlay” technique have been showing up in the store since 2017. Unfortunately, despite Google’s efforts, many malicious apps still manage to make it through their security screening, including highly popular apps such as the infamous “CamScanner” app that had been compromised and turned into hidden malware conduit.

“What can men do against such reckless hate?”

Unfortunately, there’s only so much heavy lifting you can do on your own. In the case of the CamScanner incident, even the developers allegedly did not know their app had been compromised and injected with the malicious dropper library that went on to infect its users. If you were being diligent on updating your apps to repair bugs and patch security holes, you walked right into a trap you couldn’t possibly have avoided. That being said, there are things you can watch out for:

  • Apps that suddenly ask for permissions it should already have.
  • Apps that ask for login credentials it should already have.
  • Apps that ask for permissions that don’t make sense, ie. a Calculator app asking for permission to access your camera or microphone.
  • Permission or login popups that look strange or don’t match the app it supposedly comes from.
  • Spelling, grammar and punctuation errors.
  • Email warnings from services detailing unusual activity or unexpected logins.

If you notice anything of these things, immediately stop and assess the situation. If you are uncertain how to check your phone for malicious apps or compromised security, definitely do not grant new permissions or enter confidential information into any prompts until you can verify your devices integrity.

  • Tweet

What you can read next

More “Fun” with Facebook
2-Factor Security
Apple adds 2-factor Authentication to AppleID
home-office
So you wanna work from home?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Social Media monetizes our need to be social

    Part of our occasional series “The Elepha...
  • Freemail accounts will be hacked

    Most of you know that I do not recommend using ...
  • LastPass Breach is bad news for everyone

    Late in the year, just in time for the holidays...
  • 2023 – Approach with Caution

    Traditionally I like my year-end messages to be...
  • Privacy sign

    Popular tax apps leaked your data to Facebook

    While it shouldn’t come as a surprise to any of...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP