Home

Nov 25, 2017

Android issue allows attackers to capture screen and record audio on 77% of all devices


Most of the Android devices (running Lolipop, Marshmallow, and Nougat) are exposed to an attack that exploits the MediaProjection service to capture the user’s screen and record system audio. By exploiting this issue, the attacker can simply fool a user into giving the proper rights to a malicious app.

Category:Google 

Most of the Android devices (running Lolipop, Marshmallow, and Nougat) are exposed to an attack that exploits the MediaProjection service to capture the user’s screen and record system audio. By exploiting this issue, the attacker can simply fool a user into giving the proper rights to a malicious app.

Google launched the MediaProjection service to the Android Framework in Android 5.0 to give developers the capability to capture screen contents and record system audio. Before Android 5.0, developers required their apps to run with root privileges in order to use system protected permissions to get screen contents.

A report by MWR Labs describes:
To use the MediaProjection service, an application would simply have to request access to this system Service via an Intent. Access to this system Service is granted by displaying a SystemUI pop-up that warns the user that the requesting application would like to capture the user’s screen.

The main issue with MediaProjection service is that it is not reliant on permission, which makes it difficult to discover if an application is going to make use of the service.

This issue has been fixed in Android 8 Oreo only, users running Lollipop, Marshmallow or Nougat remain at risk. The only true fix at the moment is to upgrade to Oreo.

authorarticle: Master3395

image: 

keywords: Google, android, vulnerability

Previous Article
Next Article
Discord

Page 1 of 505  >  >>

Tekya Malware Targets 1 Million Android Users Through Malicious Apps On Play Store

android.jpg

Apr 2, 2020 | Category: Google | Comments

While Google employs some tough policies for app developers to keep the Play Store safe, yet it never remains so. Once again, criminal hackers managed to ditch Google’s policies and flood the Play Store with malicious Android apps.

This time, they target users with Tekya malware distributed via numerous apps with almost 1 million downloads.

read more…

Skype does NOT disappear

skype.webp

Apr 1, 2020 | Category: Microsoft | Comments

Microsoft refuses ... for the time.

read more…

Check out OnePlus 8! They will reveal on April 14

oneplus8.webp

Mar 31, 2020 | Category: General | Comments

Completely raw in black with HDR10 + and 120Hz.

read more…

Page 1 of 505  >  >>