A security vulnerability is found in almost all versions of Android. |
Security researchers say: In almost all versions of Android, they have discovered a serious security vulnerability that allows malware to mimic legitimate applications to steal application passwords and other confidential data.
The vulnerability is called Strandhogg 2.0 and affects all devices running Android 9 and earlier versions. According to Promon, the Norwegian security company (Promon), it was the "evil twin" of the aforementioned weakness. The company discovered the first vulnerability six months ago and has now discovered another.
Strandhogg 2.0 interacts with malware by prompting the victim to enter passwords into legitimate applications. Strandhogg 2.0 exploit may also misuse other app privileges to extract sensitive user data (such as contacts and photos) and track the victim's location in real time.
"This gap is more serious than before," Promon founder and chief technology officer Tom Lissimus Hansen told TechCrunch. Because it is "almost undetectable." However, the company stated that there was no evidence that the hackers exploited the vulnerability during active hacking activity. (Bromon) fears that the hackers will continue to exploit the vulnerability, which delays the publication of detailed information about the vulnerability so that Google can correct the vulnerability, which was classified as "dangerous".
A Google spokesperson told TechCrunch that the company: They have no evidence that it has been actively used. He added: "We thank the researchers for their work and published solutions to existing problems." The spokesman said: Google Play Protect - a service for checking applications built into the Play Store - prohibits Strandhogg's use of applications at risk 2.0.