Recently, the security researchers at Promon have identified a new dangerous elevation of privilege vulnerability in Android that allows the attackers to gain access to almost all applications installed on the device.
According to the classification of Google, this security flaw is classified as ‘critical’ and received the CVE ID, “CVE-2020-0096.” Apart from this, the security experts have named this flaw as “StrandHogg 2.0,” due to its similarity to the previously discovered StrandHogg vulnerability.
This new flaw, StrandHogg 2.0, allows the attackers to gain access to all the applications installed on the device, just like the previous version of this flaw, ‘StrandHogg.’
But StrandHogg 2.0 significantly expands the attack surface, and it is more difficult to detect, which makes it the “evil twin” of the previous version.
Unlike StrandHogg, StrandHogg 2.0 does not exploit the Android attribute known as TaskAffinity, which allows hacking the multitasking function of the operating system, and because of this, the attacker will certainly leave their traceable marks.
This new StrandHogg 2.0 vulnerability affects all the Android devices running the Android 9.0 and earlier versions. But, if you are using the Android Q or 10, then you don’t have to worry, as it’s the only Android version that is not affected by this flaw, but, currently, the Android Q or 10 is active on only 15-20% of the total Android-powered devices.
In short, due to its low availability still, billions of the Android smartphones are vulnerable to this new StrandHogg 2.0 flaw.
Moreover, the attack through StrandHogg 2.0 is carried out by means of reflection, due to which malware can seize legitimate applications without any restriction while remaining completely unnoticed.
By exploiting StrandHogg 2.0, an attacker can use the malicious application installed on the device under attack to steal SMS, photos, messages, credentials, track GPS location, make calls, record conversations, and spy on their victims using the smartphone microphone and camera.
Though the security researchers have classified it as “Evil Twin,” but StrandHogg 2.0 is the moded version of StrandHogg, and its code-based execution makes it more challenging to identify.
Moreover, the security researchers have already notified Google about this new security flaw in December 2019, and in April 2020, Google sent a fix to all its Android ecosystem partners. Apart from this, the fix for Android version 9 and earlier will be released publicly this month, May 2020.
Here, the risk of being affected by this type of malware is quite low, but there is no guarantee. That’s why we strongly recommend all the users to install the latest security patches available, as it’s a practice that should always be followed to mitigate this type of security flaws.
So, what do you think about this? Share all your views and thoughts in the comment section below.
We're currently living in an age where digital threats loom large. Among these, ransomware has…
Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…
Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…
An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…
One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…
In the labyrinthine landscape of cyber threats, the Trend Micro Managed XDR team has uncovered…