A new vulnerability in Android named ‘Cloak & Dagger’ has recently been discovered by researchers, and the worst news is that the latest Android version, Android 7.1.2 Nougat, also contains it. Although the flaw was discovered by others almost 9 months ago, it has unfortunately not been properly addressed even in the latest versions of Google’s operating system. Eradicating the exploit completely, however, may affect your smartphone’s performance in a pretty negative way.
How Dangerous is Cloak & Dagger and How Does it Affect Your Smartphone?
Cloak & Dagger is a stealth attack: you won’t be able to tell that your device is under attack. It allows malicious apps to take over the user interface feedback loop and gain control of infected devices. Android has tightened security in this area and pushes you to keep “draw on top” and other permissions off, but the attack still works when those permissions are turned on for genuine reasons.
SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”) are the 2 permissions required for the malware to attack. If you don’t know what “draw on top” is, it is the permission that allows apps like Facebook Messenger to create windows above the main window. It is what lets you move the Messenger chat heads here and there or minimize them.
So basically, the permissions that you grant to a genuine app can be stolen by malicious apps to acquire your text input. That text input includes your passwords, authentication codes and other private and confidential information. When your information is leaked out through this method, it is called “clickjacking.”
How to Protect Your Data From the Cloak & Dagger Exploit?
Android is well aware of this problem and pushes users to keep the draw on top permission disabled. This can make features like overlays and separate windows harder to use, but in the long run it is for your own safety. Android is also planning to come up with a totally new solution for this problem in the upcoming Android O.
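To check a device against the two permissions named above, the following added example (not code from the article or from Android) lists which apps can draw on top, which have an accessibility service enabled, and which have both. It assumes you have saved the text output of the two adb commands shown in the comments; the output formats and the sample package names are assumptions.

```python
# Added example. Assumed inputs, captured from a device you own:
#   adb shell appops query-op SYSTEM_ALERT_WINDOW allow
#   adb shell settings get secure enabled_accessibility_services
# Assumed formats: one package name per line for appops; a colon-separated
# list of "package/ServiceClass" entries (or "null") for the setting.

# Constructed sample data; the package names are made up.
SAMPLE_APPOPS = "com.example.chat\ncom.example.flashlight\n"
SAMPLE_A11Y = ("com.example.flashlight/.HelperService:"
               "com.example.reader/com.example.reader.TalkService")

def overlay_packages(appops_output):
    """Packages currently allowed to draw on top of other apps."""
    pkgs = set()
    for line in appops_output.splitlines():
        line = line.strip()
        # Skip blanks and status text such as "No operations."
        if line and " " not in line and "." in line:
            pkgs.add(line)
    return pkgs

def accessibility_packages(setting_value):
    """Packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {c.strip().split("/", 1)[0] for c in value.split(":") if c.strip()}

def audit(appops_output, setting_value, trusted=frozenset()):
    """Map each untrusted package to the capabilities it holds."""
    overlay = overlay_packages(appops_output)
    a11y = accessibility_packages(setting_value)
    report = {}
    for pkg in sorted(overlay | a11y):
        if pkg in trusted:
            continue
        held = []
        if pkg in overlay:
            held.append("draw on top")
        if pkg in a11y:
            held.append("accessibility service")
        report[pkg] = held
    return report

def holds_both(report):
    """Packages with both capabilities: the combination to review first."""
    return [pkg for pkg, held in report.items() if len(held) == 2]

if __name__ == "__main__":
    print(holds_both(audit(SAMPLE_APPOPS, SAMPLE_A11Y)))
```

Any package it reports that you do not recognize is a candidate for having the permission switched off in Settings.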