CERT-In Advisory
CIAD-2019-0037
StrandHogg vulnerability in Google Android
Original Issue Date: December 09, 2019
Severity Rating: High
Systems Affected
Description
A vulnerability named "StrandHogg" has been reported in the Android operating system. The vulnerability allows a malicious application to masquerade as any other app. It exploits an Android control setting called "taskAffinity", which allows an application to assume any identity in the multitasking system.
When users tap on a legitimate app, malicious code is triggered in place of the original one. The attacker can then access sensitive information, fetch the user's login credentials and gain access to security-sensitive apps.
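A defender's check for the setting described above, as an added example that is not part of the CERT-In advisory: it reads a decoded (plain-text) AndroidManifest.xml and lists components whose "taskAffinity" names a package other than the app's own. The sample manifest, the package names and the function name foreign_task_affinities are constructed for illustration, and the package-prefix comparison is a heuristic, not an official rule.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical app, not a real one.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application android:label="Flashlight">
    <activity android:name=".MainActivity"/>
    <activity android:name=".SettingsActivity"
              android:taskAffinity="com.example.flashlight.settings"/>
    <activity android:name=".PromptActivity"
              android:taskAffinity="com.example.bank"
              android:allowTaskReparenting="true"/>
  </application>
</manifest>
"""


def foreign_task_affinities(manifest_xml):
    """Return one finding per component whose taskAffinity names another package."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    if not package:
        raise ValueError("manifest has no package attribute to compare against")
    app = root.find("application")
    if app is None:
        return []
    findings = []
    # <application> can set a default affinity inherited by every activity.
    for elem in [app] + app.findall("activity") + app.findall("activity-alias"):
        affinity = elem.get(ANDROID_NS + "taskAffinity")
        if not affinity:
            continue  # attribute absent or empty: nothing to compare
        # Heuristic (assumption): an affinity under the app's own package is benign.
        if affinity == package or affinity.startswith(package + "."):
            continue
        reparent = elem.get(ANDROID_NS + "allowTaskReparenting") == "true"
        findings.append({
            "component": elem.get(ANDROID_NS + "name", elem.tag),
            "task_affinity": affinity,
            "allow_task_reparenting": reparent,
        })
    return findings


if __name__ == "__main__":
    for finding in foreign_task_affinities(SAMPLE_MANIFEST):
        print(finding)
```

A finding is a reason to review the app, not proof of malice; when parsing manifests from untrusted APKs, a hardened XML parser such as defusedxml is the safer choice.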
Following anomalies, if observed, may be an indication of this exploit:
- An app or service that you're already logged into is asking for a login.
- Permission popups that do not contain an app name.
- Permissions asked from an app that shouldn't require or need the specific permissions it asks for.
- Typos and mistakes in the user interface.
- Buttons and links in the user interface that do nothing when clicked on.
- Back button does not work as expected.
If any malicious behavior/activity is observed, it is advised to either do a factory reset of the device or uninstall and then reinstall all applications from Play Store/ trusted sources only.
Best practices for usage and installation of Android applications
- Unsolicited texts, emails, or sudden notifications that appear to be from a bank, retailer, or other known institution may not always be what they seem. Use caution with any link delivered to you and always read the message first.
- Do not download and install applications from untrusted sources [offered via unknown websites/ links on unsolicited messages or emails]. Make sure the "Unknown Source" option in the Security Settings page is turned off. Install applications downloaded from reputed application markets only.
- Prior to downloading/installing apps on mobile devices (even from trusted application stores), always do some research on the developer of the app you plan to install. Search the developer's name and scan through the results. A genuine developer is most likely to have a website and other details on the net. Apps that have the tags "Editor's Choice" or "Top Developer" are more than likely to be genuine, legitimate apps.
- Read all app permissions carefully. When in doubt the best rule of thumb to abide by is to ensure that the permissions asked by an app must comply with its functions/features. For example, if a flashlight app is requesting permission to access SMS, call logs, media files, etc., then this is definitely a red flag and not an app you should be downloading.
- Install updates and patches as and when available from device vendors/service providers.
- Always run a reputable mobile security app for your device, and keep it up to date regularly. A mobile security app can help to scan the apps you download for malware and spyware, and protect you from unsafe websites.
References
https://promon.co/security-news/strandhogg/
https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/strandhogg-android-vulnerability-allows-malware-to-hijack-legitimate-apps
https://threatpost.com/strandhogg-vulnerability-allows-malware-to-pose-as-legitimate-android-apps/150750/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India