Ever since its release Android has been constantly under the attack of hackers and people trying to take advantage of the Operating System’s openness. However, the Google usually fixes these bugs as soon as they can and most of them aren’t permanent, though several users fall victim to them.
The ‘hack’ we’re discussing is a fresh one which uses the ability of the Android OS of multitasking to its advantage. The hackers create these spoof login screens which open on top of or in place of the app you initially planned to run. This login screen would look exactly like you would expect the app’s login screen to look, the only difference being that this one is a fake and will not log you in but would send you login details to where ever it is programmed to send them to.
A paper on the vulnerability presented at the USENIX Security 15 conference stated:
Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization. However, the security implications of Android multitasking remain under-investigated.
With a systematic study of the complex task dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilizing the task hijacking attack surface to implement UI spoofing, denial-of-service and user-monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities.
We have collected and analyzed over 6.8 million apps from various Android markets. Our analysis shows that the task hijacking risk is prevalent. Since many apps depend on the current multitasking design, defeating task hijacking is not easy.
These attacks are very similar to Phishing attacks often executed on the internet. A Google spokesperson stated that the researchers have overstated the issue and added:
Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features.