Email Print Share

Impact

Patching Android vulnerabilities

NSF-funded computer scientists identified vulnerabilities in Android operating systems, protecting users from cyberattacks

Cybercrime costs the global economy an estimated $400 billion annually.


Cybercrime costs the global economy an estimated $400 billion annually.
Credit and Larger Version


March 27, 2018

This material is available primarily for archival purposes. Telephone numbers or other contact information may be out of date; please see current contact information at media contacts.

In May 2017, NSF-funded computer scientists uncovered vulnerabilities in the Android operating system that would allow attackers to view information on a user's phone. The vulnerability occurs when the device's owner activates a legitimate app that requests permission to overlay a feature, such as a chat window, on the phone's screen.

When enabled, this feature -- the "cloak" -- lets a hacker superimpose a fake window on top of the mobile user's window without their knowledge. The second app -- the "dagger" -- takes information captured by the hacker's "fake" window and conveys it to the real app beneath, giving the appearance that everything is normal.

The scientists alerted Google and worked with the company to implement a fix. A patch for the problem was released in early September 2017.

NSF Directorate(s):
 Directorate for Computer and Information Science and Engineering

Locations
 Georgia

Related Awards
 #1017265 TC: Small: A Foundational and Practical Platform for Host Security Applications
#0831300 Collaborative Research: CT-L: CLEANSE: Cross-Layer Large-Scale Efficient Analysis of Network Activities to Secure the Internet

Related Websites
Combination of Features Produces New Android Vulnerability: http://www.news.gatech.edu/2017/05/21/combination-features-produces-new-android-vulnerability
The 'Cloak & Dagger' Attack That Bedeviled Android for Months: https://www.wired.com/story/cloak-and-dagger-android-malware/
Android Toast Overlay Attack: “Cloak and Dagger” with No Permissions: https://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/
Hack Brief: Patch Your Android Phone To Block An Evil ‘Toast’ Attack: https://www.wired.com/story/hack-brief-patch-your-android-phone-to-block-an-evil-toast-attack/

This NSF Impact is one of thousands of research outcomes made possible by NSF that help fuel the U.S. economy, enhance national security and sustain U.S. global leadership by advancing knowledge. You can search for more NSF Impacts at https://www.nsf.gov/impacts.

 Get Impacts by Email