The StrandHogg vulnerability (Task Hijacking)
Promon security researchers have found proof of a dangerous Android vulnerability, dubbed ‘StrandHogg’, that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted.
First of all we started with basic knowledge of Activities and task in android .
You know very well ANDROID SYSTEM IS MULTITASKING SYSTEM
WHAT IS TASK IN Android?
Task is collection of actiivites in android . like for example: you opened a gmail application .
inbox activity is opened , now you click on message , a new activity is opened .
now, there are two activities but , collection of these activities is called task.
Activities are arranged in backstack(stack manner) - LIFO : LAST IN FIRST OUT.
NOTE: In android Activity Managing Service (AMS) - responsible for managing tasks in android.
::: LIFECYCLE OF TASKS IN ANDROID :
As you know android is multitasking so it give feasibility to developer:
SO A Question arising in your ? what the security concern regarding activity and task in android.
1. Android allows activities from different apps to reside in same task .
2. Android offers developers great flexibility to customize task behaviour.
To put activity from different apps into same task taskaffinity comes into play.
....WHAT IS TASK AFFINITY?
Task affinity specifies which task that the activity desires to join. by default all activities in an app have same affinity - the app package name.
taskaffinty have an attribute allowtaskreparenting. if allowtaskreparenting=true for activity A of application.and when a task with same affinity as a brought to the foreground, the system would move the A from its original task to the new foreground task.
EXLOITATION CODE:
Promon security researchers have found proof of a dangerous Android vulnerability, dubbed ‘StrandHogg’, that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted.
First of all we started with basic knowledge of Activities and task in android .
You know very well ANDROID SYSTEM IS MULTITASKING SYSTEM
WHAT IS TASK IN Android?
Task is collection of actiivites in android . like for example: you opened a gmail application .
inbox activity is opened , now you click on message , a new activity is opened .
now, there are two activities but , collection of these activities is called task.
Activities are arranged in backstack(stack manner) - LIFO : LAST IN FIRST OUT.
NOTE: In android Activity Managing Service (AMS) - responsible for managing tasks in android.
::: LIFECYCLE OF TASKS IN ANDROID :
- TASK NAVIGATION
- UI NAVIGATION
- TASK CUSTOMIZATION
SO A Question arising in your ? what the security concern regarding activity and task in android.
1. Android allows activities from different apps to reside in same task .
2. Android offers developers great flexibility to customize task behaviour.
To put activity from different apps into same task taskaffinity comes into play.
....WHAT IS TASK AFFINITY?
Task affinity specifies which task that the activity desires to join. by default all activities in an app have same affinity - the app package name.
taskaffinty have an attribute allowtaskreparenting. if allowtaskreparenting=true for activity A of application.and when a task with same affinity as a brought to the foreground, the system would move the A from its original task to the new foreground task.
EXLOITATION CODE:
<activityandroid:exported="true"android:allowTaskReparenting="true"android:taskAffinity="com.tasktest"android:name=".MainActivity">
Comments