What you need to know
- Security researchers have found another exploit similar to the original Strandhogg discovered back in December.
- This version is more sophisticated, allowing it to pose as a legitimate app that users are putting their passwords into, or to hijack permissions.
- This exploit does not work with Android 10 and has been patched in the latest Android security fixes.
Looks like Strandhogg is back with an even more evil twin — and this is coming from someone who is an evil twin herself. Strandhogg 2.0, announced today by security researchers, once again tricks users into thinking that they're putting their passwords into a legitimate app when they're actually putting them into malware. The exploit is a more sophisticated version of the original Strandhogg exploit found back in December that made users think they were interacting with a legitimate website instead of a malware layer.
This new version only impacted Android 9.0 and below — Android 10 wasn't susceptible to it — and Google has said that this has been fixed in the latest Android security patches for previous Android versions. When I asked our in-house security guru Jerry Hildenbrand about how worried the average user would need to be about it, he summed it up pretty easily:
It seems sophisticated, so it's not very likely to have ever been found or used "in the wild". It was also patched in the last security update, so even Google sees how important it was to close the hole even considering the above.
So, what happened here is the system seeming to work: some security researchers found an exploit, told Google and collected their bug bounty for it, Google patched the bug, and then the security researchers published what they found after most phones were protected by the new patch so that they could show off their work and remind us why security researchers matter.
Thanks, Promon, and nice logo.
"Strandhogg 2.0 steals data by posing as legitimate Android apps" was posted on www.androidcentral.com on May 26, 2020.