Strandhogg 2.0

Recently, the security researchers at Promon have identified a new dangerous elevation of privilege vulnerability in Android that allows the attackers to gain access to almost all applications installed on the device.

According to the classification of Google, this security flaw is classified as ‘critical’ and received the CVE ID, “CVE-2020-0096.” Apart from this, the security experts have named this flaw as “StrandHogg 2.0,” due to its similarity to the previously discovered StrandHogg vulnerability.

This new flaw, StrandHogg 2.0, allows the attackers to gain access to all the applications installed on the device, just like the previous version of this flaw, ‘StrandHogg.’

But StrandHogg 2.0 significantly expands the attack surface, and it is more difficult to detect, which makes it the “evil twin” of the previous version.

Unlike StrandHogg, StrandHogg 2.0 does not exploit the Android attribute known as TaskAffinity, which allows hacking the multitasking function of the operating system, and because of this, the attacker will certainly leave their traceable marks.

Key Features of StrandHogg 2.0

This new StrandHogg 2.0 vulnerability affects all the Android devices running the Android 9.0 and earlier versions. But, if you are using the Android Q or 10, then you don’t have to worry, as it’s the only Android version that is not affected by this flaw, but, currently, the Android Q or 10 is active on only 15-20% of the total Android-powered devices.

  • It is used to hijack the interface of any application.
  • Victims won’t be able to spot the attack.
  • Attackers can exploit this flaw without root access.
  • To exploit this flaw on any Android device, the attackers don’t need any special permission.

In short, due to its low availability still, billions of the Android smartphones are vulnerable to this new StrandHogg 2.0 flaw.

Moreover, the attack through StrandHogg 2.0 is carried out by means of reflection, due to which malware can seize legitimate applications without any restriction while remaining completely unnoticed.

By exploiting StrandHogg 2.0, an attacker can use the malicious application installed on the device under attack to steal SMS, photos, messages, credentials, track GPS location, make calls, record conversations, and spy on their victims using the smartphone microphone and camera.

Though the security researchers have classified it as “Evil Twin,” but StrandHogg 2.0 is the moded version of StrandHogg, and its code-based execution makes it more challenging to identify.

Moreover, the security researchers have already notified Google about this new security flaw in December 2019, and in April 2020, Google sent a fix to all its Android ecosystem partners. Apart from this, the fix for Android version 9 and earlier will be released publicly this month, May 2020.

Here, the risk of being affected by this type of malware is quite low, but there is no guarantee. That’s why we strongly recommend all the users to install the latest security patches available, as it’s a practice that should always be followed to mitigate this type of security flaws.

So, what do you think about this? Share all your views and thoughts in the comment section below.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read:

10 Best Free Android Remote Control Apps To Control Your PC from Android Phone Remotely

Project Sandcastle – Now You Can Run Android in iPhone

Google Advised Android Developers to Encrypt App’s Data Using Jetpack Security

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.