StrandHogg 2.0 flaw allows hackers to hijack almost any Android app

The second-generation Android vulnerability is ‘even more dangerous and difficult to detect’

Google has patched a critical vulnerability, resembling 2019’s infamous StrandHogg flaw, that allows hackers to hijack almost any app on the Android mobile operating system.

The flaw, assigned CVE-2020-0096, has been dubbed StrandHogg 2.0 due to the similarities with the original flaw discovered in December. The successor allows for broader attacks and is far more difficult to detect, rendering it, in effect, an “evil twin”, according to Promon researchers.

The original StrandHogg abused the Android control setting ‘TaskAffinity’ to hijack Android’s multitasking feature, and therefore left traceable markers. The newer iteration is executed through reflection, which means malicious apps can assume the identity of legitimate apps while remaining completely hidden.

Once a malicious app is installed on a device, hackers can gain access to private SMS messages and photos, track GPS movements, steal login credentials, make or record phone conversations, and spy through a phone’s camera and microphone.

“Attackers looking to exploit StrandHogg 2.0 will likely already be aware of the original StrandHogg vulnerability and the concern is that, when used together it becomes a powerful attack tool for malicious actors,” said Promon founder and CTO Tom Lysemose Hansen.

“Android users should update their devices to the latest firmware as soon as possible in order to protect themselves against attacks utilising StrandHogg 2.0. Similarly, app developers must ensure that all apps are distributed with the appropriate security measures in place in order to mitigate the risks of attacks in the wild.”

While StrandHogg can only attack apps one at a time, the recently discovered version attacks nearly any app on a given device simultaneously, the researchers found. StrandHogg 2.0 also doesn’t require root access or permissions from the device to be executed.

By exploiting the flaw, a malicious app installed on a device can trick the user so that when an app icon of a legitimate app is selected, the malicious version is instead shown on the display. If victims input login credentials, those are immediately sent to the attacker, who can access and control security-sensitive apps.


StrandHogg 2.0 is also more difficult to detect because, unlike in the original flaw, attackers don’t need to explicitly declare the apps they are targeting in the Android Manifest, an XML file that also holds the app’s declaration of permissions and in which such entries are visible. Malware exploiting StrandHogg 2.0 will also be harder for antivirus software to detect.
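The manifest marker left by the original flaw can be checked for directly. The following is an added example, not code from Promon or from this article: it flags activities whose `android:taskAffinity` names a namespace other than the app's own package. The package names and both manifests are constructed, and treating the app's own package prefix as benign is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

def foreign_task_affinities(manifest_xml):
    """Return (activity, affinity) pairs whose taskAffinity points outside the app's package."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    # Activities inherit the <application> affinity, which defaults to the package name.
    inherited = app.get(ANDROID + "taskAffinity", package)
    findings = []
    for node in app:
        if node.tag != "activity":
            continue
        affinity = node.get(ANDROID + "taskAffinity", inherited)
        # Assumption: affinities inside the app's own namespace are not of interest.
        own = affinity == package or affinity.startswith(package + ".")
        if affinity and not own:
            findings.append((node.get(ANDROID + "name"), affinity))
    return findings

# Constructed sample: declares an affinity naming another app, as the original flaw required.
ORIGINAL_STYLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".Main"/>
    <activity android:name=".Overlay" android:taskAffinity="com.example.bank"/>
    <activity android:name=".Settings" android:taskAffinity="com.example.flashlight.settings"/>
  </application>
</manifest>"""

# Constructed sample: no affinity declarations, so this check has nothing to flag.
NO_MARKER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".Main"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(foreign_task_affinities(ORIGINAL_STYLE))
    print(foreign_task_affinities(NO_MARKER))
```

A hit is a lead for manual review rather than a verdict, and the empty result for the second manifest shows why a manifest-only check does not cover StrandHogg 2.0.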

Exploits don’t impact devices running the Android 10 operating system, although a significant portion of Android users still run older versions of the OS, meaning a large swathe of the public is at risk. Figures from Google show that 91.8% of Android users are on version 9.0 or earlier.

Promon was notified of the vulnerability in early December last year and rolled out a patch to the Android ecosystem partners in April 2020. A security patch for Android versions 8.0, 8.1 and 9 is set to be rolled out this month.
