The StrandHogg vulnerability

Promon security researchers have found proof of a dangerous Android vulnerability, dubbed ‘StrandHogg’, that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted.



With this video, Promon demonstrates a critical security hole that allows Android phones to be hacked.
Our client chose a PR film built around demonstrating how the security hole can capture all of the private information on the phone.
The demonstration is carried out in a way that everyone can understand, without incomprehensible technical terms. This resulted in more than 20,000 views in under two days.

Read what the media are writing about the story:

The Sun UK: A TERRIFYING bug on Android phones could let hackers read your texts, steal your photos and spy through your camera, experts claim.

BBC NEWS: Android ‘spoofing’ bug helps targets bank accounts.

Dinside: Norwegians uncovered a serious Android hole.

Lifehacker: How to tell if an Android app is StrandHogg malware infected.

Threatpost: ‘StrandHogg’ Vulnerability Allows Malware to Pose as Legitimate Android Apps.

ZDNet: Promon discovers new StrandHogg vulnerability. Lookout identifies 36 malicious apps exploiting it in the wild.


«In this video, John Høegh-Omdal and Lars Lunde Birkeland demonstrate how the StrandHogg vulnerability makes it possible for a malicious app to replace a legitimate permission pop-up with its own fake version that asks for access to any permission, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.

By exploiting StrandHogg, an attacker can also trick a device so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen. When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then log in to, and control, security-sensitive apps.»
-Promon AS

