All About StrandHogg Bug & Vulnerability.

All About StrandHogg Bug & Vulnerability oF Android OS.

All About Strand Hogg Bug & Vulnerability.

What Alert Did The Union Home Minister Sent To All The States?

The Union Home Minister has sent a very important alert to all states stating a message about the vulnerability of the Android Operating System stating a Bug called "Strand Hogg".

This Malware can continuously listen to the conversations of the victims Android device like accessing their photos, albums, read/send messages, making calls, recording conversations, accessing both cameras, and getting login credentials of various accounts, it can take and get full access of that device like taking an ownership of that device.


What Is Strand Hogg Bug Vulnerability?

Security researchers from a Norwegian firm Specialized in Application Security Annalizing said that they identified a Bug in the Android Operating system which can Hijack legitimate applications and perform a malicious and various operations on their behalf.

After researching the research team said the vulnerability can be used to trick users into gaining all the intrusive permissions to that malicious app when the user tap and interact with legitimate once.

The Vulnerability which can be pronounced as Strand Hogg can be used to show fake login pages { Phishing } when the user is tapping the keyboard capturing logs using a legitimate application.

All About Strand Hogg Bug & Vulnerability.

How Does Strand Hogg Bug Works?

More specifically, Strand Hogg is a bug in the Operating System component that can handle Multitasking the mechanism which allows the Android Operating System to run multiple processes at once and switch between them once an application goes in or out the user's view {screen}.

A malicious app installed on Android Smart Phone can exploit the Strand Hogg Bug can trigger malicious code when the user starts another application via a feature called " Task Reparation".

Basically, a user taps on a legitimate app, but bug executes codes from a malicious once.

INTERESTED THEN: PUBG Mobile New Updates of 2020.

Task Representing.

If an activity has it allow Task Reparenting attribute set to "True", it can move from the task it starts into the task it has an affinity for when that task comes to the fore.

For example, suppose that an activity that reports weather conditions in selected cities is defined as part of a travel application.

It has the same affinity as other activities in the same application the default affinity and it allows reparenting.

One of your activities starts the weather report, so it initially belongs to the same task as your activity.

However, when the travel application next comes forward, the weather report will be reassigned to and displayed with the task.

During this interception, the malicious application will seek permission to access the device's cameras, microphone, messages, GPS and store full access.

if the user grants these p0ermissions, the malicious app gains to these components.

All About Strand Hogg Bug & Vulnerability.

That Bug Working process?

Promon also said that strand Hogg attack doesn't need any root access to run, and it works in all Android Operating System versions, Including the latest Android version 10 release.

In addition, promon researchers also tested the top 500 most popular Android applications available on the play store and found that all app's processes can be hijacked to perform malicious action via a Strand Hogg attack.

The research team said it notified the android project od the vulnerability in the multitasking component over the summer, but android os developers have not fixed the issue after more than 90 days.

How To Check And How To Be Safe?

It shows pop-up asking for permission to send a notification, messages, etc, are one of the main entry points for "Strand Hogg" to launch the attack on the devices.

An app in which the user is already logged in it ask him/her to log in again is another anomaly pointing to the possibility of a CyberAttack.

Once users approve such requests, the malware would instantly access the mobile phone or tablet for specific purposes.

It can active the microphone, allowing a hacker in a remote location to listen to live conversations. The camera can also be switched on to capture visuals.


Post a Comment