Is It Possible For A Hacker To Crack A Locked Android Phone
Our phones the key to our life. As we use it on a daily basis, message and email people, take pictures, do online banking and shopping, android smartphones holds a large amount of sensitive information. To keep all our personal information safe, the first thing that we do is lock our phones. It could be either via a code or pattern and now-a-days face locking is also very popular. With this simple thing we believe that our precious data is safe from anyone who might use it in a wrong manner.
Sadly, hackers are more advanced these days and are getting better at cracking a locked android phone. So, if you are under the impression that your locked phone can’t be hacked, then you must re-visit that thought because hackers can certainly do that. Wondering how it is possible? Various researches were carried out and a new attack was discovered, which is known as 'Cloak and Dagger' that works against all versions of Android, up to version 7.1.2.
This attack is quite sophisticated as it allows the hackers to silently take control over an android device and steal private data, such as chats, device PIN, online account passwords, OTP passcode, and contacts.
What More About Cloak And Dagger Attack?
One of the major highlights of this attack is that it doesn't exploit any vulnerability in Android ecosystem. What it does is abuse a pair of legitimate app permissions that is being widely used in popular applications to access certain features on an Android device.
To test this attack, researchers used it on 20 participants and none of them were able to detect any malicious activity. This is because Cloak and Dagger attacks by utilizing two basic Android permissions:
- SYSTEM_ALERT_WINDOW ("draw on top") – It is an overlay feature that allows apps to overlap on a device's screen and top of other apps.
- BIND_ACCESSIBILITY_SERVICE ("a11y") – This one is designed to help disabled, blind and visually impaired users, allowing them to enter inputs using voice commands, or listen content using screen reader feature.
What The Hacker Can Do After Getting Access To Android Device?
It’s a known fact that the security mechanisms used by Google are not enough to keep all malware out of its app market and this something that the hackers exploit. As there is no need of any malicious code to perform the trojanized task, with Cloak and Dagger hackers can easily develop and submit a malicious app to Google Play Store without detection.
Once such app is downloaded, the researchers say the attacker can perform various malicious activities including:
- Unconstrained keystroke recording
- Silent installation of a God-mode app (with all permissions enabled)
- Advanced clickjacking attack
- Stealthy phishing attack
- Silent phone unlocking and arbitrary actions (while keeping the screen off)
In short, the professional hacker will be able to get past your locked phone and will be able to spy on your every activity that you do on your phone, without you even realizing it.
Tag: #ProfessionalHacker #AndroidPhoneHacking #HackingServices #OnlineAndroidHacking