StrandHogg 2.0 is an Android Bug that Poses Serious Security Threats

If your phone is operating below Android version 9.0, you might want to continue reading. Security researchers have found a severe vulnerability that poses risks to users of Android versions below 9.0. This Android bug lets malware gain access to almost all applications.

The bug attacks a device by showing a fake interface that tricks users into giving away sensitive information. Through it, an attacker can draw off app passwords, photos and contacts, track the real-time location of the device, make and record phone calls, and spy on victims through the camera and microphone.

Google has rated this vulnerability a ‘critical severity’ issue (CVE-2020-0096). According to Norwegian security firm Promon, which is primarily responsible for the research, it is the “evil twin” of the earlier bug with a similar name. StrandHogg 2.0 was revealed six months after the StrandHogg bug was originally discovered.

What makes it even worse is that this bug is “nearly undetectable”, making it almost impossible for anti-virus and application security scanners to detect it in the first place. This is one reason why this version of StrandHogg is a lot more threatening than its predecessor and leaves users susceptible to broader attacks.

Promon mentioned that Google was informed about StrandHogg 2.0’s predecessor back in December 2019, allowing Google to come up with a patch for the bug. Google, however, provided a patch to the Android ecosystem partners in April 2020 for devices operating on Android 8.0, 8.1, and 9.0. Although the update has been rolled out, many OEMs do not always release these updates to keep devices up to date, which leaves users at risk.

There’s a bit of relief, however: Promon has decided to delay revealing the details of this bug, because releasing them before Google comes up with a concrete solution to this “critical” vulnerability would simply be hazardous.

So how does this bug work? 

A user taps the icon of an app that turns out to be a malicious app in the guise of a legitimate one. The bug then intercepts the launch and shows a false login window for the app in order to capture sensitive information. Once the password and other sensitive information, such as online banking credentials, are entered into the malicious app, the hacker’s server receives the information. Whereas StrandHogg 2.0’s predecessor could attack one app at a time, StrandHogg 2.0 can access almost every app simultaneously.

To compound problems, StrandHogg 2.0 doesn’t require Android permissions to run; it can assume an app’s identity to quickly obtain permissions and gain access to contacts, photos and much more. Two-factor authentication also cannot defeat StrandHogg 2.0. A spokesperson for Google has mentioned that they have released the fix for the issue identified by Promon. An app screening service will block the apps trying to exploit the StrandHogg 2.0 vulnerability.

How can you stay alert? 

There is no guaranteed and dependable way to block StrandHogg attacks. However, there are certain points to keep in mind while using the applications on your phone:

  • Beware if an app that you are already logged in to asks for your login credentials again.
  • If an app that did not ask for permissions in the first place starts asking for them, there could be an attack.
  • Check whether a permission popup is suspiciously not displaying the name of that particular app.
  • Look out for buttons and links in the user interface that are non-functional.
  • Check whether the back button works as it is supposed to.

Along with keeping these points in mind, Android users are advised to update their devices as soon as they can.
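
The update advice can be checked on a device reachable over adb by reading its Android release and security patch level. The script below is an added example, not code from Promon or Google; the 2020-05-01 patch level and the treatment of Android 10 and later as unaffected are assumptions that come from outside this article, and the sample dump is constructed.

```shell
#!/bin/sh
# Classify exposure to CVE-2020-0096 from `adb shell getprop` output.
# Assumption (not in the article): the fix ships in patch level 2020-05-01.
FIXED_PATCH_LEVEL="2020-05-01"

# Print the value of one property from getprop-style text on stdin.
prop() {
    tr -d '\r' | sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# $1 = full getprop dump. Prints one status word.
strandhogg2_status() {
    release=$(printf '%s\n' "$1" | prop ro.build.version.release)
    patch=$(printf '%s\n' "$1" | prop ro.build.version.security_patch)
    major=${release%%.*}
    case $major in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # Assumption: Android 10 and later are not affected.
    if [ "$major" -ge 10 ]; then echo not-affected; return 0; fi
    # The article lists patches only for Android 8.0, 8.1 and 9.0.
    if [ "$major" -lt 8 ]; then echo exposed-no-patch-listed; return 0; fi
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    have=$(printf '%s' "$patch" | tr -d '-')
    need=$(printf '%s' "$FIXED_PATCH_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo patched; else echo exposed-update-needed; fi
}

# Constructed sample dump; on a real device use:
#   strandhogg2_status "$(adb shell getprop)"
SAMPLE='[ro.build.version.release]: [9]
[ro.build.version.security_patch]: [2020-03-05]'
echo "sample device: $(strandhogg2_status "$SAMPLE")"
```

A result of `exposed-update-needed` means the OEM has not yet delivered the fix to that device, which is the gap the article describes.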

Anushmita Samal