Singapore, 3 December 2019 – StrandHogg, a serious Android flaw, has been reported by BBC News and i-Sprint has found that most of the popular Android Apps in APAC are also vulnerable. StrandHogg can be very damaging and costly to Android users.
In recent news reported by BBC News, a Norwegian app security company, Promon, has identified a serious Android following an attack on several customer bank accounts and detected a vulnerability in the Android system. Promon named it as StrandHogg that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. Promon scanned top 500 popular mobile apps in the world, and they are vulnerable to StrandHogg.
StrandHogg is unique because it can be exploited with or without root access to any Android devices, and it affects all versions of Android, including Android 10. By taking advantage of a weakness in the multitasking system of Android to enact powerful attacks, this allows malicious apps to masquerade as any other app on the device. This exploit is based on an Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to assume any identity in the multitasking system they desire freely.
i-Sprint has also done our own investigation by sampling 100 popular Android Apps across APAC and we found that all of them are susceptible to this vulnerability. The consequences of exploiting this vulnerability by a malware include steal of usernames and passwords, drain bank accounts, track victim’s movements and location, steal private SMS messages and photos, access victim’s contact list and phone logs, spy through a phone’s camera and microphone.
i-Sprint product, YESsafe AppProtect+, is a Runtime Application Self-Protection (RASP) solution that helps companies to protect their iOS and Android apps by blocking attacks in real-time. AppProtect+ proactively protects mobile apps against various risks and attacks. AppProtect+ can prevent passive attacks (like reverse engineering, repackaging and source code modification), and respond by taking necessary measures if real-time attacks are detected during app running. Mobile apps protected by the solution can also run securely even on a highly infected mobile device.
Albert Ching, CTO of i-Sprint, said “Our latest version has introduced a new feature for the protection of task hijacking as reported in StrandHogg. Therefore, our existing customers are equipped with the necessary protection tool even before the announcement of the StrandHogg vulnerability. We will continue to deliver new security features to help our customers to secure and protect their mobile apps against various attacks.”
Dutch Ng, CEO of i-Sprint said, “As people are spending more time using their mobile devices to browse content, online shopping, transaction, etc., cyberattack cases targeting on smartphone devices are also increasing. Companies need to be more alert and diligent in ensuring their apps will not be the next victim of such vulnerability.”
i-Sprint is currently providing a free assessment to organizations who want to find out whether their app is susceptible to StrandHogg vulnerability. For interested companies, please click here for more information and to participate in the free assessment.
Be proactive, be safe, secure your company app with YESsafe AppProtect+.
For enquiry, please email i-Sprint at email@example.com.