Lollipop, Marshmallow and Nougat affected
The Android operating system is present on billions of devices around the world and, as software, it does not escape one of the rules of testing, which holds that the absence of defects is a utopia. Researchers at security firm MWR InfoSecurity have disclosed a new vulnerability in the operating system. Reported to Google in early January 2017 by the research team, it allows an attacker to use an application to trick a user into having their screen activity recorded without their knowledge. The researchers' note also mentions the possibility of capturing the system audio.
The vulnerability affects smartphones that run the Lollipop, Marshmallow and Nougat versions; that is, at the time of writing, more than 75% of the Android devices on the market are affected. The cause lies in the MediaProjection framework, which was introduced with Lollipop and whose role is to let developers capture the screen activity of a smartphone.
According to researchers at the security firm MWR InfoSecurity, in versions prior to Lollipop, applications with such features had to either have root privileges or be signed with special keys, which suggests that they were reserved for original equipment manufacturers. From Lollipop onward, these features are accessible to third-party developers via this framework, and the consequence is that applications no longer need root privileges or special signatures.
Moreover, as the researchers note, the application does not even have to request permissions in its manifest file. “To use the service, an application only needs to access it through an Intent. Access to the service is granted through the display of a system prompt that warns the user that the application requires permission to capture the screen activity,” write the researchers. In principle, then, the user is notified of the problematic activity, except that, the researchers add, it is possible to overlay a malicious prompt on top of the one generated by the system. With a well-placed message, the user of the application is fooled.
“This vulnerability is mainly due to the fact that the affected Android versions are unable to detect that a system prompt has been partially hidden,” the researchers added.
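The system prompt itself can only be fixed by the platform, but an application can apply the same obscured-window check to its own confirmation buttons. The following is an added example, not code from the researchers' note; the class name `ObscureAwareButton` is hypothetical, and the partial-obscuring flag it tests is only available from API level 29.

```java
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Button;

/**
 * Hypothetical confirmation button that refuses taps while another
 * window is drawn over the application's window.
 */
public class ObscureAwareButton extends Button {

    public ObscureAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Framework filter: drop touches delivered while another visible
        // window covers the touched location.
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();

        // The touched location is covered by another visible window.
        if ((flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
            return false; // drop the event
        }

        // Some other part of the window is covered: the case of a prompt
        // that is partially hidden while the button itself stays reachable.
        // This flag exists only on API 29 and later.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0) {
            return false; // drop the event
        }

        return super.onFilterTouchEventForSecurity(event);
    }
}
```

On devices below API level 29 only the first check applies, so a partial overlay that leaves the button uncovered is not detected there.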
To date, only the Oreo version of the Android operating system contains a fix for this problem. Older versions of the operating system therefore remain vulnerable. However, the researchers say that this type of attack is not completely silent. According to them, an application that accesses this service generates a notification in the notification bar. Users should pay particular attention to the presence of a screencast icon as shown above. The moral: pay attention to the applications you download. Fortunately, in this case vigilance has something to go on.