{"id":76050,"date":"2019-12-03T15:02:38","date_gmt":"2019-12-03T07:02:38","guid":{"rendered":"https:\/\/www.i-sprint.com\/?p=76050"},"modified":"2020-04-29T15:52:08","modified_gmt":"2020-04-29T07:52:08","slug":"strandhogg-news","status":"publish","type":"post","link":"https:\/\/www.i-sprint.com\/ja\/strandhogg-news\/","title":{"rendered":"Serious Android Flaw Identified, and most of the popular apps in APAC are vulnerable"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:0px;--awb-padding-right:0px;--awb-padding-bottom:0px;--awb-padding-left:0px;--awb-margin-top:0px;--awb-margin-bottom:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last\" style=\"--awb-bg-size:cover;--awb-margin-bottom:0px;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-text fusion-text-1\"><p style=\"text-align: center;\"><strong>Serious Android Flaw Identified, and most of the popular apps in APAC are vulnerable<br \/>\n<\/strong>YESsafe AppProtect+ protects Android Apps against StrandHogg and other attacks<\/p>\n<p><strong><br \/>\nSingapore, 3 December 2019<\/strong> \u2013 StrandHogg, a serious Android flaw, has been reported by BBC News and i-Sprint has found that most of the popular Android Apps in APAC are also vulnerable. StrandHogg can be very damaging and costly to Android users.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-76029 size-full\" src=\"https:\/\/www.i-sprint.com\/wp-content\/uploads\/2019\/12\/StrandHogg_i-Sprint.jpg\" alt=\"\" width=\"624\" height=\"353\" srcset=\"https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/12\/StrandHogg_i-Sprint-200x113.jpg 200w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/12\/StrandHogg_i-Sprint-300x170.jpg 300w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/12\/StrandHogg_i-Sprint-400x226.jpg 400w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/12\/StrandHogg_i-Sprint-600x339.jpg 600w, https:\/\/1217570951.rsc.cdn77.org\/wp-content\/uploads\/2019\/12\/StrandHogg_i-Sprint.jpg 624w\" sizes=\"(max-width: 624px) 100vw, 624px\" loading=\"lazy\" \/><\/p>\n<p>In recent news reported by <a href=\"https:\/\/www.bbc.com\/news\/technology-50605455\">BBC News<\/a>, a Norwegian app security company, Promon, has identified a serious Android following an attack on several customer bank accounts and detected a vulnerability in the Android system.\u00a0 Promon named it as StrandHogg that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted.\u00a0 Promon scanned top 500 popular mobile apps in the world, and they are vulnerable to StrandHogg.<\/p>\n<p>StrandHogg is unique because it can be exploited with or without root access to any Android devices, and it affects all versions of Android, including Android 10.\u00a0 By taking advantage of a weakness in the multitasking system of Android to enact powerful attacks, this allows malicious apps to masquerade as any other app on the device. This exploit is based on an Android control setting called \u2018taskAffinity\u2019 which allows any app &#8211; including malicious ones &#8211; to assume any identity in the multitasking system they desire freely.<\/p>\n<p><a href=\"http:\/\/www.i-sprint.com\/solutions\/strandhogg\">i-Sprint<\/a> has also done our own investigation by sampling 100 popular Android Apps across APAC and we found that all of them are susceptible to this vulnerability.\u00a0 The consequences of exploiting this vulnerability by a malware include steal of usernames and passwords, drain bank accounts, track victim\u2019s movements and location, steal private SMS messages and photos, access victim\u2019s contact list and phone logs, spy through a phone\u2019s camera and microphone.<\/p>\n<p>i-Sprint product, <a href=\"https:\/\/www.i-sprint.com\/yessafe-appprotect\/\">YESsafe AppProtect+<\/a>, is a Runtime Application Self-Protection (RASP) solution that helps companies to protect their iOS and Android apps by blocking attacks in real-time.\u00a0 AppProtect+ proactively protects mobile apps against various risks and attacks.\u00a0 AppProtect+ can prevent passive attacks (like reverse engineering, repackaging and source code modification), and respond by taking necessary measures if real-time attacks are detected during app running. Mobile apps protected by the solution can also run securely even on a highly infected mobile device.<\/p>\n<p>Albert Ching, CTO of i-Sprint, said \u201cOur latest version has introduced a new feature for the protection of task hijacking as reported in StrandHogg.\u00a0 Therefore, our existing customers are equipped with the necessary protection tool even before the announcement of the StrandHogg vulnerability.\u00a0 We will continue to deliver new security features to help our customers to secure and protect their mobile apps against various attacks.\u201d<\/p>\n<p>Dutch Ng, CEO of i-Sprint said, \u201cAs people are spending more time using their mobile devices to browse content, online shopping, transaction, etc., cyberattack cases targeting on smartphone devices are also increasing. Companies need to be more alert and diligent in ensuring their apps will not be the next victim of such vulnerability.\u201d<\/p>\n<p>i-Sprint is currently providing a free assessment to organizations who want to find out whether their app is susceptible to StrandHogg vulnerability. For interested companies, please click <a href=\"http:\/\/www.i-sprint.com\/solutions\/strandhogg\">here<\/a> for more information and to participate in the free assessment.<\/p>\n<p>Be proactive, be safe, secure your company app with YESsafe AppProtect+.<\/p>\n<p>For enquiry, please email i-Sprint at <a href=\"mailto:enquiry@i-sprint.com?subject=Enquiry:%20AppProtect+%20Against%20StrandHogg%20Vulnerability\">enquiry@i-sprint.com<\/a>.<\/p>\n<\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>StrandHogg, a serious Android flaw, has been reported by BBC News and i-Sprint has found that most of the popular Android Apps in APAC are also vulnerable. StrandHogg can be very damaging and costly to Android users.<\/p>\n","protected":false},"author":2,"featured_media":76058,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"episode_type":"","audio_file":"","podmotor_file_id":"","podmotor_episode_id":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","itunes_episode_number":"","itunes_title":"","itunes_season_number":"","itunes_episode_type":"","footnotes":""},"categories":[167],"tags":[],"class_list":["post-76050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-press-ja-2"],"_links":{"self":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/posts\/76050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/comments?post=76050"}],"version-history":[{"count":4,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/posts\/76050\/revisions"}],"predecessor-version":[{"id":76858,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/posts\/76050\/revisions\/76858"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/media\/76058"}],"wp:attachment":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/media?parent=76050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/categories?post=76050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/tags?post=76050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}