StrandHogg flaw lets hackers hijack almost any Android phone

Alonzo Simpson
December 5, 2019

The flaw lets a malicious app hijack the fullscreen-display process from another app and seize control of the screen without the user's knowledge.

CYBER CRIMS can craft apps to steal bank login details thanks to a major security weakness in Android discovered by security firm Promon.

Researchers have warned of a security flaw in Android that is being actively exploited to steal online banking logins. The study found that it gathers Global Positioning System coordinates of where photos were taken and then sends the information to its own servers, regardless of whether users allowed or declined the app permission to access their location.

StrandHogg was identified after Promon learned that several banks in the Czech Republic reported money disappearing from customer accounts.

They found that 60 separate financial institutions were being targeted via apps that sought to exploit the loophole. However, users are still able to install other malicious applications from the Play Store and get these programs as secondary payloads for more intrusive StrandHogg attacks.

By unknowingly granting permissions to the malicious apps, users can enable a broad range of attacks, including giving attackers access to data stored on their devices or their location data, or allowing them to send and intercept SMS messages or phone calls or eavesdrop via the phone's microphone. "When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps", said the cybersecurity firm. "Promon's recent findings make the vulnerability as severe as it's ever been".

"The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected", noted Promon CTO Tom Lysemose Hansen.

The StrandHogg permissions-harvesting mechanism.

Craig Young, computer security researcher for enterprise cybersecurity firm Tripwire Inc.'s vulnerability and exposure research team, told SiliconANGLE that user interface redressing vulnerabilities can be particularly unsafe in mobile platforms where there are typically already fewer on-screen indicators to confirm what site a user is interacting with. And since it has all the required permissions, the app can do whatever it wants without informing the user.

None of those 36 apps were in the Google Play Store, but there's a twist. "These apps have now been removed, but in spite of Google's Play Protect security suite, dropper apps continue to be published and frequently slip under the radar, with some being downloaded millions of times before being spotted and deleted", researchers say.
