New Android Hack Tricks Users Into Recording Screens
Android is currently the most widely used mobile OS on the market. There are a variety of reasons for its large market share including the affordability of Android smartphones and the customization offered by the OS. However, this widespread popularity has made the OS vulnerable to a number of exploits and malware.
MWR InfoSecurity has discovered a new form of malware that records a user’s screen without their consent. The exploit targets Android 5.0 Lollipop to Android 7.1 Nougat. The latest version of Android, 8.0 Oreo, is not affected by this exploit.
The hack makes use of the MediaProjection framework that was introduced in 5.0. It allowed app developers to record a phone’s screen alongside audio recordings. Prior to 5.0, Android required app developers to have root privileges in order to record a phone’s screen.
Even under the MediaProjection framework, apps still require user permission to record their phone’s screen, but crafty app developers have created fake user interfaces that trick users into giving their consent without their knowledge. This is possible because versions of Android Lollipop or newer don’t have the ability to detect screen overlays or fake UI popups.
Google appears to be aware of this issue and has released a patch for Oreo which protects users of that version of the OS. However, the majority of Android phones do not run the latest version of the OS. This is particularly a problem with lower-end smartphones. Flagship phones tend to get updates faster than lower-end phones, but even some flagships lag behind on updates because both manufacturers and carriers have to roll them out.
Unfortunately, there’s no easy fix for this problem, but there are precautions that users can take.
“However, this attack is not entirely undetectable,” MWR’s blog reads. “When an application gains access to the MediaProjection Service, it generates a Virtual Display which activates the screencast icon in the notification bar. Should users see a screencast icon in their devices’ notification bar, they should investigate the application/process currently running on their devices.”
Eric is an avid tech junkie, gamer, and comic fan. When he's not working on his PC, you'll find him at your local comic book shop.