Wednesday, 9 March 2016

Another day, another Android vulnerability: "Accessibility Clickjacking"

     Around half a billion Android devices are at risk, so as an Android user you have reason to be concerned. Mobile security firm Skycure has described a new Android attack technique that lets a malicious app read all text-based data on the device without the user knowingly granting it any permission. Skycure calls the technique "Accessibility Clickjacking".

     Clickjacking tricks the victim into tapping an element that is not actually visible: the attacker draws an innocent-looking screen (a game, for example) on top of a real system dialog, so the user believes they are tapping the overlay while the touch actually lands on a button underneath. In this case the hidden button is the one that grants the attacker's app accessibility permissions.

     Once the accessibility service is enabled, the malicious app can monitor everything the user does on screen and read and compose emails and documents. According to Skycure, an attacker can also wipe the device remotely.

    Accessibility APIs were introduced in Android 1.6 and enhanced in Android 4.0. They allow an Accessibility Service to read the contents of the interfaces a user interacts with, across all apps. Once a malicious app has tricked the user into enabling its service through Accessibility Clickjacking, it can therefore read all sensitive text-based information on the device. It is worth mentioning that Android 5.0 (Lollipop) and later are not affected, because those versions no longer let other apps draw over critical system dialogs such as the one that enables an accessibility service.

     The most worrying aspect of this discovery is that Skycure was able to reproduce the attack on roughly 65% of Android devices in use, essentially everything from Android 2.2 Froyo to Android 4.4 KitKat. Unless you have upgraded to Lollipop or later, you could be a victim of Accessibility Clickjacking.

List of Android Versions Affected by Accessibility Clickjacking

Version          Codename              API   Distribution   Affected
2.2              Froyo                  8        0.1%        yes
2.3.3 – 2.3.7    Gingerbread           10        2.7%        yes
4.0.3 – 4.0.4    Ice Cream Sandwich    15        2.5%        yes
4.1.x            Jelly Bean            16        8.8%        yes
4.2.x            Jelly Bean            17       11.7%        yes
4.3              Jelly Bean            18        3.4%        yes
4.4              KitKat                19       35.5%        yes
5.0              Lollipop              21       17.0%        no
5.1              Lollipop              22       17.1%        no
6.0              Marshmallow           23        1.2%        no

Distribution is the share of active Android devices on each version at the time of writing; the affected rows (everything below API level 21) add up to about 65%.

Prevention Steps

The following user-behaviour recommendations help protect end users from this and similar mobile threats:

  1. Update the operating system as soon as an update becomes available; Android 5.0 and later are not affected by this attack.
  2. Do not tap on dialog boxes that pop up on your phone unless you are sure which action caused them to appear.
  3. Do not install applications from third-party app stores you do not trust. Where possible (in many cases this is not a realistic option), switch off the setting that allows third-party app installation:
    (a) Open the "Settings" app.
    (b) Navigate to "Security".
    (c) Uncheck "Unknown sources".


  4. Check which apps use accessibility services on your device and turn them off if you do not recall enabling them or do not need the functionality:
    (a) Open the "Settings" app.
    (b) Navigate to "Accessibility".
    (c) Make sure there is either no group named "Services", or that none of the entries in that group is enabled.
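
As an added example (this is not code from Skycure or from the original post), the following script checks an attached device for the three things the steps above and the version table are about: the API level, the "Unknown sources" setting, and which accessibility services are enabled. It assumes adb is on PATH, a device is attached with USB debugging on, and the device runs Android 4.2 or later, where the `settings` shell command exists (older builds in the affected table need another method). The helper functions that parse the setting values run without a device, so you can also feed them values you have already collected.

```shell
#!/bin/sh
# Added example, not part of the original post or Skycure's research.
# Assumptions: adb is on PATH with a device attached, and the device is
# Android 4.2+ so that 'adb shell settings get' is available.

# Android stores the enabled accessibility services as a colon-separated list
# of flattened ComponentName strings, for example (constructed sample):
#   com.example.game/com.example.game.SpyService:com.other/.TalkBack
# Print the package name of each entry; an empty or "null" value means none.
list_accessibility_packages() {
    raw=$1
    if [ -z "$raw" ] || [ "$raw" = "null" ]; then
        return 0
    fi
    printf '%s\n' "$raw" | tr ':' '\n' | sed '/^$/d' | cut -d/ -f1
}

# Number of enabled accessibility services; 0 is what step 4 above asks for.
count_accessibility_services() {
    list_accessibility_packages "$1" | wc -l | tr -d ' '
}

# Per the version table, API levels below 21 (Lollipop) are the exposed ones.
is_affected_sdk() {
    [ "$1" -lt 21 ]
}

# The "Unknown sources" setting (install_non_market_apps) moved from the
# 'secure' namespace to 'global' in API 17 (Android 4.2).
unknown_sources_namespace() {
    if [ "$1" -ge 17 ]; then
        echo global
    else
        echo secure
    fi
}

# Query an attached device over adb and print a short report.
audit_device() {
    sdk=$(adb shell getprop ro.build.version.sdk | tr -d '\r')
    ns=$(unknown_sources_namespace "$sdk")
    unknown=$(adb shell settings get "$ns" install_non_market_apps | tr -d '\r')
    acc_on=$(adb shell settings get secure accessibility_enabled | tr -d '\r')
    services=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')

    echo "API level: $sdk"
    if is_affected_sdk "$sdk"; then
        echo "  -> in the affected range (below Lollipop)"
    else
        echo "  -> Lollipop or later: overlays over system dialogs are blocked"
    fi
    echo "Unknown sources allowed: $unknown (1 = yes; step 3 says switch it off)"
    echo "Accessibility enabled flag: $acc_on"
    echo "Enabled accessibility services: $(count_accessibility_services "$services")"
    list_accessibility_packages "$services" | sed 's/^/  - /'
}

# Only touch a device when asked, so the helpers can be used stand-alone.
if [ "${1:-}" = "--device" ]; then
    if ! command -v adb >/dev/null 2>&1; then
        echo "adb not found on PATH" >&2
        exit 1
    fi
    audit_device
fi
```

Run it as `sh audit.sh --device` with the phone attached. Any package listed under "Enabled accessibility services" that you do not recognise as a screen reader or similar tool you installed deliberately is exactly what step 4 tells you to disable; on a device below API level 21 with "Unknown sources" set to 1, all three conditions for the attack described above are present.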
