
500 Million Android Devices Affected by 'Accessibility Clickjacking' Malware: Report

Mobile security firm Skycure has claimed that a new Android malware can allow malicious apps to access all text-based data on a device without requiring permission from the user.

The research firm has further claimed that the latest Android malware family, dubbed "Accessibility Clickjacking", impacts almost all Android versions except the last two: Android 5.0 Lollipop and Android 6.0 Marshmallow. It adds that Accessibility Clickjacking affects almost 65 percent of all Android devices "at this point", which works out to over 500 million Android devices. The research firm says that the malware family affects Android devices running the Gingerbread, Ice Cream Sandwich, Jelly Bean, and KitKat OS versions.

Skycure's Yair Amit explains in a blog post that the malware can access personal information, including emails, without the consent of the user. He adds, "Clickjacking is a term for a malicious UI redressing technique that tricks a victim into clicking on an element that is different than the one the victim believes to be clicking on. This technique, which relied on the ability of malicious websites to load a seemingly benign webpage with an invisible overlay from another service (attacked service), used to be a major concern in the Web-application security world and yielded a variety of attacks against important services or frameworks, such as Facebook, Twitter and Flash."

The security firm pointed out that the Accessibility Clickjacking malware is not just a theoretical threat, and that last month a ransomware named Android.Lockdroid.E that was found by Symantec used the malware to gain admin rights. Amit suggests that once accessibility has been enabled on the targeted device, the attacker can even change admin permissions.

Skycure has also demonstrated the malware workflow using a rat-hitting game. While the user is under the impression that they are playing the game, the malware in the background obtains accessibility access via the user's consent.

"What actually happens in the background might come as a surprise to the victim - his/her clicks are actually propagated to an underlying and invisible layer of the operating system - the Accessibility approval dialog. Completing the game means that the victim unknowingly approved Accessibility permissions for the 'benign game'," adds Amit.

The mobile security firm, apart from recommending that users install the Skycure App, tells users to get onto the latest version of Android, not to click on dialogue boxes, not to use third-party app stores, and to verify app permissions.
