Got an Android phone? BEWARE: Security experts find flaw that lets hackers take over your phone - and find out where you live


comments

Android smartphone owners are being warned about a vulnerability spotted in the advert libraries used by popular apps. 

These libraries, which are used across apps to show adverts on the device, can be exploited by hackers to take complete control of Android phones and tablets - even if they're running antivirus software.

This means hackers can take photos, record videos, send text messages and access the phone's clipboard - and from this they can determine the user's location, and even passwords.

Scroll down for video 

The vulnerability was found in the ad libraries used on popular Android apps (selection pictured) by researchers from California-based Fireye. Hackers can exploit this flaw to move traffic from the ad server to their own, and once they have the device attached to their server, they can take control of the phone

The vulnerability was found in the ad libraries used on popular Android apps (selection pictured) by researchers from California-based Fireye. Hackers can exploit this flaw to move traffic from the ad server to their own, and once they have the device attached to their server, they can take control of the phone

The vulnerability was discovered by researchers Yulong Zhang and Tao Wei from security firm Fireye.

They analysed 73,000 popular apps from Google Play with more than 50,000 downloads, and identiļ¬ed 93 ad libraries.

The vulnerability isn't with the apps themselves, but the ad libraries used via the Android software.

 

The hacker begins by exploiting the flaw in the code of Android ad libraries and uses it to push traffic from the advertiser's server to their own 'attack' server.

Once the phone is running on the attack server, the hacker can generate fake messages to appear each time a selected app is opened, for example. 

During a demonstration video, Rob Rachwald, senior director of corporate communications used a Samsung Galaxy S4, running Android 4.4.2, loaded with antivirus software, including Kaspersky.

He explained that within the attack server, the hacker can choose which permissions to grant themselves, such as taking photos, recording audio and video, send text messages, upload the clipboard, and make calls.

This attack, in theory, could run when any app the hacker selects to target is opened. 

HOW THE HACK WORKS AND HOW TO PROTECT YOURSELF 

The hacker begins by exploiting the flaw in the code of ad libraries in popular apps. They use this to push traffic from the advertiser¿s server to their own ¿attack¿ server. Once the phone is running on the attack server, the hacker can generate fake messages to appear each time a selected app is opened

The hacker begins by exploiting the flaw in the code of ad libraries in popular apps. They use this to push traffic from the advertiser's server to their own 'attack' server. Once the phone is running on the attack server, the hacker can generate fake messages to appear each time a selected app is opened

The hacker begins by exploiting the flaw in the code of ad libraries in popular apps. 

They use this to push traffic from the advertiser's server to their own 'attack' server.

Once the phone is running on the attack server, the hacker can generate fake messages to appear each time a selected app is opened. 

This activates the attack mode, when the OK message is selected.

Clicking OK on the fake message (pictured) grants permission for the hacker to control the device

Clicking OK on the fake message (pictured) grants permission for the hacker to control the device

Depending on the permissions the hacker is requesting, this means they can take a photo, or film a video in secret.

The names of these photos and videos can then reveal the GPS co-ordinates of the user.

Taking control of the clipboard is significant because it can be used to store passwords, as well as all the applications that appear on the target's phone. 

During a demonstration, Fireye used a Samsung Galaxy S4, running Android 4.4.2, loaded with antivirus software. This suggests antivirus software will not be effective at dealing with this attack.

Users are therefore advised to be cautious when clicking and agreeing to messages that appear on their phones when opening apps.

People should also make sure their software, and apps are up-to-date.  

Greg Day, chief technical officer at Fireye in Europe, the Middle East and Africa told MailOnline: 'While it is up to the developers to fix the bugs within apps, and the phone, consumers need to update their apps and operating systems as and when the updates come along. 

'Developers release these updates both to add new capabilities as well as to fix any bugs. 

Much like we have become used to ensuring our computers have the latest updates on them, we need to make sure we are doing the same on our smart devices.' 

Opening the infected app generates a fake message, which then grants permission for the hacker to control the device.

Depending on the permissions the hacker is requesting, this means they can take a photo using the phone's camera, for example.

This reveals photographic clues about the user's home or office, for example, and the data in the photo filename can also reveal their GPS co-ordinates.

The same applies for videos recorded on the phone, in secret.

Depending on the permissions the hacker is requesting, this means they can take a photo using the phone¿s camera. The photo filenames can also reveal the  GPS co-ordinates of the user (pictured). During a demonstration  Fireye used a Samsung Galaxy S4, running Android 4.4.2, loaded with antivirus software

Depending on the permissions the hacker is requesting, this means they can take a photo using the phone's camera. The photo filenames can also reveal the GPS co-ordinates of the user (pictured). During a demonstration Fireye used a Samsung Galaxy S4, running Android 4.4.2, loaded with antivirus software

Taking control of the clipboard is significant, continued Rachwald, because it can be used to store passwords, as well as all the applications that appear on the target's phone.

This helps the attacker to know what applications the user has, and they can use the passwords they've obtained to try and access all the applications in this list.

It can also send messages and calls. 

The researchers notified Google, ad vendors and app developers about related issues earlier this year, but said there are still 'millions of users under the threat of Sidewinder Targeted Attacks.'

Users are advised to be cautious when clicking and agreeing to messages that appear on their phones when opening apps. 

 



IFTTT

Put the internet to work for you.

Turn off or edit this Recipe

0 comments:

Post a Comment