{"id":75857,"date":"2019-12-03T14:37:13","date_gmt":"2019-12-03T06:37:13","guid":{"rendered":"https:\/\/www.i-sprint.com\/?page_id=75857"},"modified":"2019-12-03T14:47:25","modified_gmt":"2019-12-03T06:47:25","slug":"strandhogg","status":"publish","type":"page","link":"https:\/\/www.i-sprint.com\/ja\/support-appprotect\/strandhogg\/","title":{"rendered":"The Most Challenging Android Vulnerability, StrandHogg"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling fusion-equal-height-columns\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-background-color:#ffffff;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last\" style=\"--awb-bg-size:cover;--awb-margin-top:15px;--awb-margin-bottom:15px;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-column-content-centered\"><div class=\"fusion-column-content\"><div class=\"fusion-video fusion-youtube fusion-aligncenter\" style=\"--awb-max-width:600px;--awb-max-height:360px;--awb-width:100%;\"><div class=\"video-shortcode\"><div class=\"fluid-width-video-wrapper\" style=\"padding-top:60%;\" ><iframe title=\"YouTube video player 1\" src=\"https:\/\/www.youtube.com\/embed\/HhrhvBGqutc?wmode=transparent&autoplay=0\" width=\"600\" height=\"360\" allowfullscreen allow=\"autoplay; fullscreen\" loading=\"lazy\"><\/iframe><\/div><\/div><\/div><br><div class=\"fusion-button-wrapper\"><a class=\"fusion-button button-flat button-small button-default fusion-button-default button-1 fusion-button-default-span fusion-button-default-type\" target=\"_self\" 
href=\"http:\/\/src.i-sprint.com\/service\/register?lang=en_US\"><span class=\"fusion-button-text\">Free App Check<\/span><\/a><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-separator fusion-full-width-sep fusion-clearfix\" style=\"float:left;margin-top:10px;margin-bottom:20px;width:100%;\"><div class=\"fusion-separator-border sep-single sep-solid\" style=\"--awb-height:20px;--awb-amount:20px;--awb-sep-color:#862633;border-color:#862633;border-top-width:2px;\"><\/div><\/div><div class=\"fusion-sep-clear\"><\/div><div class=\"fusion-text fusion-text-1\"><p>The total number of <a href=\"https:\/\/www.businessofapps.com\/data\/app-statistics\/\" target=\"_blank\" rel=\"noopener noreferrer\"><u>app downloads<\/u><\/a> on mobile devices in 2018 was 194 billion. Of these, 76 billion downloads were through the Google Play Store, and 30 billion downloads were through the iOS App Store. People are spending more time using their mobile devices to browse content, shop online, make transactions and more.<\/p>\n<p>Security on mobile phones is a rising concern. <a href=\"https:\/\/www.bbc.com\/news\/technology-50605455\" target=\"_blank\" rel=\"noopener noreferrer\"><u>BBC News<\/u><\/a> reported in December 2019 that there was a vulnerability in the Android system known as StrandHogg. It is the Most Challenging Vulnerability as it has a significant security impact on Android phone users, whether or not the device is rooted.<\/p>\n<p><strong><u>What is StrandHogg?<\/u><\/strong><\/p>\n<p>Discovered by <a href=\"https:\/\/promon.co\/security-news\/strandhogg\/\" target=\"_blank\" rel=\"noopener noreferrer\"><u>Promon<\/u><\/a>, StrandHogg allows real-life malware to pose as any legitimate app without users being aware of it. StrandHogg is unique because it enables sophisticated attacks without the need for a device to be rooted. 
It uses a weakness in the multi-tasking system of Android to enact powerful attacks that allow malicious apps to masquerade as any other app on the device. This exploitation is based on an Android control setting called \u2018taskAffinity\u2019, which allows any app \u2013 including malicious ones \u2013 to freely assume any identity they desire in the multitasking system.<\/p>\n<p><strong><u>What can it do?<\/u><\/strong><\/p>\n<p>With StrandHogg, hackers can distribute malicious apps on the Android App Store or as APK downloads on other websites. If a phone user downloads one, it may affect any legitimate app on the same device.<\/p>\n<\/div><div class=\"fusion-title title fusion-title-1 fusion-title-text fusion-title-size-one\"><h1 class=\"fusion-title-heading title-heading-left\" style=\"margin:0;\"><h3 style=\"color: #862633;\"><strong>Dangerous Permission Harvesting<\/strong><\/h3><\/h1><span class=\"awb-title-spacer\"><\/span><div class=\"title-sep-container\"><div class=\"title-sep sep-double sep-solid\" style=\"border-color:#e0dede;\"><\/div><\/div><\/div><div class=\"fusion-image-element fusion-image-align-center in-legacy-container\" style=\"text-align:center;--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><div class=\"imageframe-align-center\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\"><img decoding=\"async\" width=\"600\" height=\"268\" alt=\"StrandHogg-banner2\" title=\"StrandHogg-banner2\" src=\"https:\/\/www.i-sprint.com\/wp-content\/uploads\/2019\/11\/StrandHogg-banner2-600x268.png\" class=\"img-responsive 
wp-image-75879\" srcset=\"https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner2-200x89.png 200w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner2-400x179.png 400w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner2-600x268.png 600w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner2-800x357.png 800w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner2.png 1120w\" sizes=\"(max-width: 800px) 100vw, 600px\" loading=\"lazy\" \/><\/span><\/div><\/div><div class=\"fusion-title title fusion-title-2 fusion-title-text fusion-title-size-one\"><h1 class=\"fusion-title-heading title-heading-left\" style=\"margin:0;\"><h3 style=\"color: #862633;\"><strong>Powerful Phishing Attacks<\/strong><\/h3><\/h1><span class=\"awb-title-spacer\"><\/span><div class=\"title-sep-container\"><div class=\"title-sep sep-double sep-solid\" style=\"border-color:#e0dede;\"><\/div><\/div><\/div><div class=\"fusion-image-element fusion-image-align-center in-legacy-container\" style=\"text-align:center;--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><div class=\"imageframe-align-center\"><span class=\" fusion-imageframe imageframe-none imageframe-2 hover-type-none\"><img decoding=\"async\" width=\"600\" height=\"268\" alt=\"StrandHogg-banner\" title=\"StrandHogg-banner\" src=\"https:\/\/www.i-sprint.com\/wp-content\/uploads\/2019\/11\/StrandHogg-banner-600x268.png\" class=\"img-responsive wp-image-75878\" 
srcset=\"https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner-200x89.png 200w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner-400x179.png 400w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner-600x268.png 600w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner-800x357.png 800w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/11\/StrandHogg-banner.png 1120w\" sizes=\"(max-width: 800px) 100vw, 600px\" loading=\"lazy\" \/><\/span><\/div><\/div><div class=\"fusion-text fusion-text-2\"><p>Once exploited by hackers, the consequences faced by phone users are:<\/p>\n<ul>\n<li>Stealing usernames and passwords (Phish login credentials)<\/li>\n<li>Draining bank accounts<\/li>\n<li>Reading and sending SMS messages<\/li>\n<li>Accessing all private photos and files on the device<\/li>\n<li>Making and\/or recording phone conversations<\/li>\n<li>Spying through a phone\u2019s camera and microphone<\/li>\n<li>Tracking user\u2019s movements and location<\/li>\n<li>Accessing user\u2019s contact list, phone logs, emails<\/li>\n<\/ul>\n<p>For more information on StrandHogg, please visit <a href=\"https:\/\/promon.co\/security-news\/strandhogg\/\" target=\"_blank\" rel=\"noopener noreferrer\"><u>Promon<\/u><\/a>.<\/p>\n<p><strong><u>How Can a Company Protect Its App and Consumers?<\/u><\/strong><\/p>\n<p>i-Sprint\u2019s YESsafe AppProtect+ proactively protects mobile apps against various risks and attacks, allowing mobile apps to run securely even on highly infected devices.<\/p>\n<p>Compared with traditional antivirus software, AppProtect+ can protect an app without virus database updates or an internet connection. Compared with hardened app solutions, AppProtect+ can prevent passive attacks (like reverse engineering, repackaging and source code modification) and respond by taking the necessary measures if real-time attacks are detected while the app is running. So, full protection is achieved.<\/p>\n<p>AppProtect+\u2019s Core Functions include:<\/p>\n<ul>\n<li>Anti-reverse engineering &amp; Anti-tampering<\/li>\n<li>Anti-debugger<\/li>\n<li>Anti-stealing<\/li>\n<li>Client Management from Server<\/li>\n<\/ul>\n<p>Some companies in the region, such as Bank of East Asia, CITIC Bank (International), CMB Wing Lung Bank, RHB Malaysia &amp; Singapore, Merchantrade Asia, Bank Muamalat Malaysia, Sing Investments and Finance, Rabobank Singapore and MSIG, are already using AppProtect+ to protect their company apps against any vulnerability, like StrandHogg.<\/p>\n<p>To learn more about AppProtect+, please click <a href=\"https:\/\/www.i-sprint.com\/yessafe-appprotect\/\" target=\"_blank\" rel=\"noopener noreferrer\"><u>here<\/u><\/a>.<\/p>\n<p>Enterprises, you can do your part to enhance the security level of your mobile app to protect your company and your users.<\/p>\n<p><strong>Be Proactive | Be Safe | Secure Your App with AppProtect+<\/strong><\/p>\n<p>i-Sprint is providing a complimentary check of your company\u2019s app for any vulnerability to StrandHogg. 
To submit your app for checking, please click on the button below.<\/p>\n<\/div><div class=\"fusion-button-wrapper\"><a class=\"fusion-button button-flat button-small button-default fusion-button-default button-2 fusion-button-default-span fusion-button-default-type\" target=\"_self\" href=\"http:\/\/src.i-sprint.com\/service\/register?lang=en_US\"><span class=\"fusion-button-text\">Free App Check<\/span><\/a><\/div><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":76036,"parent":82053,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"100-width.php","meta":{"inline_featured_image":false,"episode_type":"","audio_file":"","podmotor_file_id":"","podmotor_episode_id":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","itunes_episode_number":"","itunes_title":"","itunes_season_number":"","itunes_episode_type":"","footnotes":""},"class_list":["post-75857","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/pages\/75857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/comments?post=75857"}],"version-history":[{"count":4,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/pages\/75857\/revisions"}],"predecessor-version":[{"id":76047,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/pages\/75857\/revisions\/76047"}],"up":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/pages\/82053"}],"wp:feat
uredmedia":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/media\/76036"}],"wp:attachment":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/media?parent=75857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}