‘Cloak & Dagger’ Attacks Expose Android to Harmful Malware

May 29, 2017

University of California and Georgia Institute of Technology’s researchers recently uncovered a new exploit, called Cloak & Dagger, that can attack Android devices – even those with the most up-to-date operating systems installed.

The researchers say, “Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device – without giving the user a chance to notice the malicious activity.” The researchers discovered this breach in August 2016 and have started their own website to inform the public of their findings, as well as to track their communications to Google’s Android team.

What Can You Do to Keep Safe?

TechCrunch reports that “The easiest way to disable this exploit in Android 7.1.2 is to turn off the ‘draw on top’ permission in Settings > Apps > Gear symbol > Special Access > Draw over other apps.”

That is one possible solution.

Another is to be extremely careful about which apps you download. Many apps access for special permissions to access your device. Check the individual settings for each app on all of your Android devices, though since these are deemed as “Special Permissions”, you may not have the access to disable yourself. When in doubt, use your best judgment and only download vetted apps.

Is This Being Fixed?

The big question here is: What is being done to fix this issue?

The researchers who discovered this say, “Some of the issues uncovered by this work are design-related issues — not simple bugs — and it thus necessarily takes more time to fix them. Moreover, these are not "classic" low-level issues, but UI-related problems.” Luckily, they have detailed their communication with Google and the most recent update of this ongoing conversation (see below), however, there is no fix in sight.

  • May 22nd, 2017 — This website and our research paper at IEEE S&P are made public.
  • Current — All the attacks discussed by this work are still practical, even with the latest version of Android (Android 7.1.2, with security patches of May 5th installed).

In a recent article by Mashable, a spokesperson for Google stated, “We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safe. We have updated Google Play Protect – our security services on all Android devices with Google Play – to detect and prevent the installation of these apps.”