These are hard times for Android, as yet another serious vulnerability was discovered recently. The issue resides in the multitasking capability of Android phones. According to the latest research by researchers at Pennsylvania State University and FireEye, this serious security flaw gives hackers the ability to spy on Android smartphone owners, steal login credentials, install malware, and much more.
This flaw makes it possible to lure victims into typing their login details into a spoofed interface. This malicious interface can be controlled by the hacker, and it runs whenever an app starts. The sensitive details are thus stolen through the malicious software without raising the user's suspicion. The device owner has no clue what is happening, which makes the attack very dangerous.
Vulnerability in Android Task Management.
Task Hijacking Attack
A vulnerability in the Android task management mechanism can be leveraged to launch task hijacking attacks on a vast scale. The researchers found that the task hijacking flaw is prevalent in more than 6.8 million apps from multiple Android app stores. They also claimed that the vulnerability can be used to impersonate an app's user interface with one that is controlled by the attacker.
Here is a video providing a quick overview of the vulnerability.
How to protect yourselves?
As of now, no patch has been released and every version of Android is vulnerable. To be on the safer side, stick to apps from the Play Store and other trusted app stores. By default, Google checks apps for hijacking and phishing attacks with Android's Verify Apps and SafetyNet features.