New serious vulnerabilities found in Android system

Recently, security researchers at a professional application security protection company, Promon said that they found a vulnerability in the Android operating system and named it StrandHogg, which allows malicious applications to hijack legitimate programs and perform malicious operations on their behalf.

Currently, 36 applications have been discovered that use StrandHogg vulnerability. Promon did not list the specific names of these apps but said that none of these apps can be used directly through the official Play Store.

Android security updates

It is understood that the vulnerability can be used to trick a user into granting intrusive permissions to a malicious application when it clicks and interacts with it.  Regarding the technical details of the vulnerability, StrandHogg is actually a bug in the OS multitasking component. This mechanism allows the Android operating system to run multiple processes at once and switch between them when the application enters or exits the user view. When a user launches another application, through the task redo function, a malicious application installed on an Android phone can use StrandHogg errors to trigger malicious code.

Researchers said that through the packaging of legitimate applications, it is difficult for StrandHogg attacks to be directly discovered by users. StrandHogg attacks do not require root access to run and can work on all Android OS versions. Promon researchers also tested the top 500 most popular Android applications available in the Google Play Store and found that they can hijack the processes of all applications to perform malicious actions through StrandHogg attacks.

Promon said that the Android department had been notified of the vulnerability in the multitasking component this summer, but Android OS developers have not resolved the issue after more than 90 days.  Previously, in 2015, a team of scholars at Penn State University published a similar study that described theoretical attacks on task hijacking attacks that could be used for UI spoofing, denial of service, or user monitoring. Promon said that the StrandHogg attack greatly expanded the concepts described in similar studies in 2015.