Strandhogg 2.0 Android bug

Security researchers have found a vulnerability in Android devices that could allow hackers to steal data from users by tricking them into typing passwords in illegitimate apps. The bug affects all the Android devices running Android 9.0 and above.

Strandhogg 2.0 is the successor of the Strandhogg bug that was discovered in 2019. The bug was so dangerous that the Indian home ministry had to issue a warning against it. The upgraded version of the bug has been discovered by security researchers at Promon, a Norweigan security firm.

Speaking to Techcrunch, Promon’s founder said that Strandhogg 2.0 is more malicious than its predecessor because it is “nearly undetectable.”

Strandhogg 2.0 bug exploits Android’s multitasking feature that allows users to switch between different apps without closing them. To be affected by the bug, a user is required to download a malicious app (that appears as a legitimate app) that can exploit the Strandhogg 2.0 vulnerability.

Strandhogg 2.0 working

Strandhogg bug working 2
Source: Techcrunch

When a user opens the legitimate app on their phone, the malicious app impersonates it and creates a fake login window to steal passwords right under the nose of the user. The credentials typed into the fake overlay is sent to the hacker’s servers.

Apps affected by Strandhogg 2.0 bug do not need any special permission to display over other apps. On the contrary, it can hijack permissions of other apps, making it a deadly vulnerability that could be used to steal data, including photos, videos, documents, and other sensitive information.

If the malicious app manages to gain the required permissions, it could also steal text messages from the user’s device, including two-factor authentication codes.

Researchers haven’t found any evidence of hackers using the bug, but at the same time, they say there are “no good ways” to detect an attack owing to the obscurity of the bug.

Google has already released the patch of the bug in the latest Android security update. We recommend our readers to update their smartphones to evade any such attack.

SHARE
Avatar
Anmol is a tech journalist who handles reportage of cybersecurity and Apple and OnePlus devices at Fossbytes. He's an ambivert who is striving hard to appease existential crisis by eating, writing, and scrolling through memes.