StrandHogg 2.0 flaw allows hackers to hijack almost any Android app

The second-generation Android vulnerability is ‘even more dangerous and difficult to detect’

Google has patched a critical vulnerability, resembling 2019’s infamous StrandHogg flaw, that allows hackers to hijack almost any app on the Android mobile operating system.

The flaw, assigned CVE-2020-0096, has been dubbed StrandHogg 2.0 due to the similarities with the original flaw discovered in December. The successor allows for broader attacks and is far more difficult to detect, rendering it, in effect, an “evil twin”, according to Promon researchers.

The original StrandHogg abused the Android control setting ‘TaskAffinity’ to hijack Android’s multitasking feature, and therefore left traceable markers. The newer iteration is executed through reflection, which means malicious apps can assume the identity of legitimate apps while remaining completely hidden.

Once a malicious app is installed on a device, hackers can gain access to private SMS messages and photos, track GPS movements, steal login credentials, make or record phone conversations, and spy through a phone’s camera and microphone.

“Attackers looking to exploit StrandHogg 2.0 will likely already be aware of the original StrandHogg vulnerability and the concern is that, when used together it becomes a powerful attack tool for malicious actors,” said Promon founder and CTO Tom Lysemose Hansen.

“Android users should update their devices to the latest firmware as soon as possible in order to protect themselves against attacks utilising StrandHogg 2.0. Similarly, app developers must ensure that all apps are distributed with the appropriate security measures in place in order to mitigate the risks of attacks in the wild.”


While StrandHogg can only attack apps one at a time, the recently discovered version attacks nearly any app on a given device simultaneously, the researchers found. StrandHogg 2.0 also doesn’t require root access or permissions from the device to be executed.

By exploiting the flaw, a malicious app installed on a device can trick the user so that when an app icon of a legitimate app is selected, the malicious version is instead shown on the display. If victims input login credentials, those are immediately sent to the attacker, who can access and control security-sensitive apps.

StrandHogg 2.0 is also more difficult to detect because, unlike in the original flaw, attackers don’t need to explicitly enter the apps they are targeting into the Android Manifest, an XML file that shows a declaration of permissions and in which those targets become visible. Malware exploiting StrandHogg 2.0 will also be harder for antivirus software to detect.
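As an added illustration (not code from Promon or from this article), the manifest marker left by the original StrandHogg can be checked with a short Python script that lists activities in a decoded AndroidManifest.xml whose taskAffinity names a package other than the app's own. The sample manifest and every package name in it are constructed, and the rule for what counts as the app's "own" affinity is an assumed heuristic; as the paragraph above says, a check like this does not catch StrandHogg 2.0.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: a decoded (text) AndroidManifest.xml; all names are made up.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".SettingsActivity"
              android:taskAffinity="com.example.flashlight.settings"/>
    <activity android:name=".PromptActivity"
              android:taskAffinity="com.example.bank"/>
  </application>
</manifest>"""

def _android(el, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return el.get(f"{{{ANDROID_NS}}}{name}")

def is_own_affinity(affinity, package):
    # Assumed heuristic: the app's package name, a sub-name of it,
    # or a ':'-relative name is treated as the app's own affinity.
    return (affinity == package
            or affinity.startswith(package + ".")
            or affinity.startswith(":"))

def foreign_task_affinities(manifest_xml):
    """Return (activity name, taskAffinity) pairs that point at another package."""
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    inherited = _android(app, "taskAffinity")  # activities inherit this value
    findings = []
    for activity in app.findall("activity"):
        affinity = _android(activity, "taskAffinity")
        if affinity is None:
            affinity = inherited
        # No value, or an empty one, means the default or no affinity: skip.
        if not affinity or is_own_affinity(affinity, package):
            continue
        findings.append((_android(activity, "name"), affinity))
    return findings

if __name__ == "__main__":
    for name, affinity in foreign_task_affinities(SAMPLE_MANIFEST):
        print(f"{name}: taskAffinity={affinity}")
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text before a script like this can read it.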

Exploits don’t impact devices running the Android 10 operating system, although a significant portion of Android users still run older versions of the OS, meaning a large swathe of the public is at risk. Figures from Google show that 91.8% of Android users are on version 9.0 or earlier.

Promon was notified of the vulnerability in early December last year and rolled out a patch to the Android ecosystem partners in April 2020. A security patch for Android versions 8.0, 8.1 and 9 is set to be rolled out this month.
