
Android vulnerability allows hackers to record your display

By John Law & James Lu - on 21 Nov 2017, 10:24am


Security experts at MWR Labs have discovered an exploit affecting any Android smartphone running 5.0 Lollipop, 6.0 Marshmallow, or 7.0 Nougat, in which users can be tricked into allowing their screen contents to be recorded without their knowledge.

The exploit makes use of MediaProjection, an Android service capable of capturing screen contents and recording system audio.

Last week, MWR Labs published a report discussing how malware developers could potentially hijack MediaProjection with a fake SystemUI popup.

"The primary cause of this vulnerability is due to the fact that affected Android versions are unable to detect partially obscured SystemUI pop-ups. This allows an attacker to craft an application to draw an overlay over the SystemUI pop-up which would lead to the elevation of the application’s privileges that would allow it to capture the user’s screen. Furthermore, the SystemUI pop-up is the only access control mechanism available that prevents the abuse of the MediaProjection service. An attacker could trivially bypass this mechanism by tapjacking this pop-up using publicly known methods to grant their applications the ability to capture the user’s screen."

Google has patched this vulnerability for Android 8.0 Oreo, but older versions of Android remain vulnerable.
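
For app developers, the obscured-window check that the report says the pop-up lacked can be applied to an app's own consent controls. The following is an added example, not code from MWR Labs or Google; the class and package names are hypothetical, and the partial-obscuring flag is assumed to be available only on API level 29 and later.

```java
// Added illustration: a confirmation button that ignores taps while any
// other visible window is drawn over its window. Names are hypothetical.
package com.example.consent;

import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Button;

public class ConsentButton extends Button {

    public ConsentButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Built-in filter: the framework discards touches that arrive while
        // another visible window covers the touched point.
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();

        // Set when an overlay sits directly on top of the touch location.
        boolean obscured =
                (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;

        // Set when an overlay covers some other part of the window, e.g.
        // the explanatory text, while leaving the button itself exposed.
        // Older releases never set this flag, so the check is gated on
        // the API level that introduced it.
        boolean partiallyObscured =
                Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;

        if (obscured || partiallyObscured) {
            return false; // drop the event; the tap never reaches onClick
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

On releases older than API 29 only the fully-obscured case is caught, so a partial overlay of the kind described in the report would still go undetected by this view.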

Source: MWR Labs.