According to Symantec engineer Dinesh Venkatesan, malware authors have got one up on Google by appropriating a key technique that enables attacks on Android Marshmallow.
The method was lifted from white-hat proof-of-concept work originally published to show how malware could extract credentials from Android applications. It lets malware determine which app is running in the foreground on a device, and it relies on social engineering of users.
Google and various white hats, including Venkatesan, have already closed avenues through which malware could trick users into tapping security-approval buttons by using screen overlays that make the apps, and the taps they prompt, appear benign.
The first trick borrows from a GitHub project that helps researchers bypass Android security measures. It will fail on Google's forthcoming hardened operating system, codenamed N. Symantec explains the problem:
“This technique uses a popular open source project hosted on GitHub and does not require any additional permissions. It reads the “/proc/” file system to enumerate running processes and finds the current foreground app. It should be noted that the open source project itself is not malicious—the malware authors just leverage this project to get around security measures.”
The second takes advantage of an API introduced in Android 5.0 (Lollipop):
“This technique uses the UsageStatsManager API introduced in Android 5.0 to gain access to a device’s usage history and statistics. The malware queries the usage statistics of all the applications for the past two seconds and then computes the most recent activity.”
Malware seen using the latter technique appears in the usage-access approval list as Google Chrome, borrowing the browser's name and icon. The masquerade unravels on some OEM Android devices, such as Samsung's.
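Because the spoofed entry in the usage-access list copies Chrome's label and icon, the package name is the only thing worth trusting. As an added example (not from Symantec's write-up or the malware itself), here is a POSIX shell audit that lists packages holding the usage-access AppOp (GET_USAGE_STATS, which backs UsageStatsManager) and flags any that are not on an allow-list; the appops output format, the allow-list and the sample package names are constructed assumptions.

```shell
#!/bin/sh
# Audit which installed packages hold usage access (AppOps entry GET_USAGE_STATS,
# the permission behind UsageStatsManager) and flag any not on an allow-list.
# Constructed sample data stands in for a device; on a real device the same
# "<package> <appops output>" lines can be produced with (format assumed, it
# varies by Android version):
#   adb shell pm list packages | sed 's/^package://' | while read -r p; do
#     printf '%s %s\n' "$p" "$(adb shell appops get "$p" GET_USAGE_STATS)"
#   done

# Packages that legitimately hold usage access on this (assumed) device.
EXPECTED_USAGE_ACCESS="com.android.chrome com.android.settings"

# Constructed sample output, one "<package> <appops output>" line each.
# com.google.chrome.update is the impostor: Chrome-like name, not the real package.
SAMPLE_APPOPS='com.android.chrome GET_USAGE_STATS: allow; time=+3h12m5s ago
com.android.settings GET_USAGE_STATS: allow; time=+1d2h ago
com.example.notes No operations.
com.google.chrome.update GET_USAGE_STATS: allow; time=+2m ago
com.example.game GET_USAGE_STATS: deny; time=+5d ago'

# Read "<package> <appops output>" lines on stdin; print every package whose
# GET_USAGE_STATS op is "allow" and which is not in EXPECTED_USAGE_ACCESS.
unexpected_usage_access() {
    while read -r pkg rest; do
        case "$rest" in
            *"GET_USAGE_STATS: allow"*)
                found=0
                for ok in $EXPECTED_USAGE_ACCESS; do
                    if [ "$ok" = "$pkg" ]; then found=1; fi
                done
                if [ "$found" -eq 0 ]; then echo "$pkg"; fi
                ;;
        esac
    done
    return 0
}

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_APPOPS" | unexpected_usage_access
}

audit_sample   # prints: com.google.chrome.update
```

Anything printed is a package that can read the foreground-app history and is not one you expected to; review its label against its package name, since the label is exactly what the malware above forges.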
“It is interesting to monitor how relentlessly the malware authors try to outsmart new security enhancements,” the researcher Jade Rummler states. “Here the attackers have employed an effective social-engineering technique to remind us once again that the security of any system takes into account users’ level of awareness.”
Security in Android N will be tighter, with previous attack surfaces, including Stagefright, likely closed off thanks to new architectures.
According to Android Central, updating will also be easier and lighter, with core components patched without the need for a user-deterring full update.
File encryption is introduced in N as well; it will be less onerous on handsets and harder for attackers to get past.