GETTY • PICTURE POSED BY MODEL
Cybercrminals can record EVERYTHING you do on your Android phone
A catastrophic new cyberattack has been uncovered – and it affects all versions of the Android operating system up to version 7.1.2, researchers at Georgia Institute of Technology have claimed.
Worst of all, Google will struggle to stop this latest attack, due to the way it infiltrates your Android device's permissions, the researchers added.
Dubbed Cloak and Dagger, the terrifying new attack allows hackers to silently take control of your smartphone and steal private data, including every keystroke, chats, PIN code, online account passwords, contacts, and more.
Cloak and Dagger doesn't exploit any specific vulnerability in the Android operating system.
Instead, the clever new attack abuses legitimate app permissions that are widely-used by legitimate apps to access certain features on an Android device, researchers have claimed.
Hackers have to use two permissions to initiate the attack.
The first permission, known as "Draw On Top", is a legitimate permission that allows applications to overlap on the screen as well as on top of other apps.
The second, known as "a11y", is designed to help visually impaired Android users, allowing them to enter data with voice commands, or listen to content on-screen using a screen reader feature.
According to the findings from Georgia Institute of Technology, a malicious app submitted to the Google Play Store colds exploit these legitimate app permissions to allow hackers access to your Android smartphone.
Once the malicious app is installed on a device, hackers can make a record of every keystroke you type, install other applications without your knowledge, silently unlock the device without waking the screen.
Cybercriminals would be able to spy on every activity you do on your phone.
Hackers can silently take control of your phone and steal private data, including keystroke, chats,
Get Quotes on Home Insurance
Researchers have published a number of video demonstrations of the Cloak and Dagger attacks – and it's a little terrifying.
Unfortunately, it's not going to be easy for Google to protect users against this type of attack.
According to Yanick Fratantonio, the Georgia Institute of Technology paper's first author, "changing a feature is not like fixing a bug.
"System designers will now have to think more about how seemingly unrelated features could interact. Features do not operate separately on the device."
Android 7.0 Nougat – Seven of the best features in Google's new operating system Sat, August 20, 2016
Android Nougat boasts a number of new features, including the ability to run two apps side-by-side, better battery life and improved encryption for personal data.
EXPRESS NEWSPAPERS 1 of 7
Nougat boasts a number of new features, including the ability to run two apps side-by-side, better battery life and improved encryption for personal data
Google is set to change the policy around the "Draw On Top" permission with Android 8.0, which is scheduled for release later this year.
That should stop the Cloak and Dagger attack, researchers have highlighted.
However, the next version of Android will take a long time to roll-out to users.
Android security team member Adrian Ludwig recently revealed that "About half of devices in use at the end of 2016 had not received a platform security update in the previous year"
Yes, that's right. "About half" of all Android devices did not get a single security update in the last year.
The Android Security Year in Review highlights a number of improvements in the Android ecosystem
That's not good news – especially when coupled with the latest findings from the Georgia Institute of Technology.
Unlike iOS software update, which are rolled-out simultaneously to all compatible devices by Apple itself, Google hands over its software updates to individual device manufacturers, dubbed OEMs.
Unfortunately, a worrying number of these manufacturers are slow to adopt operating system updates and critical security patches.
Google is well aware of the problem, and has desperately been looking for a solution for years.
The biggest cyber-attacks, hacks and data breaches Sat, May 13, 2017
From viruses to data breaches, cyber-crime is far from a modern invention – here is Express.co.uk's list of some of the biggest attacks in history.
Getty Images 1 of 15
14 of the biggest cyber-attacks, hacks and data breaches in history
The California-based company even considered a plan to publicly name and shame mobile carriers and device makers that drag their feet with important updates.
Thankfully, there is a workaround.
According to technology blog The Hacker News, the best way to disable the Cloak and Dagger attacks in Android 7.1.2 is to manually turn off the "Draw On Top" permission.
Head to Settings > Apps > Gear symbol > Special access > Draw over other apps.
Another precaution is to only download applications from trusted and verified developers on the Google Play Store.