Notebookcheck

New Android security flaw allows screen recording without direct user permission

Yet another Android exploit. (Source: Pixabay)
A security research firm has revealed an Android exploit which allows a rogue application to record all on-screen activity without the user's permission. This has been fixed in Android 8, but users on older versions are still vulnerable. Fortunately, the exploit works in a way which causes Android to create a notification in the status bar.

Cyber security firm MWR InfoSecurity has revealed the details of an Android bug which allows a rogue app to start screen recording without the user’s consent. The exploit was reported to Google back in January 2017 and is fixed in Android 8 Oreo, but Android 5 to 7.1 are still vulnerable.

The exploit uses the MediaProjection service, which allows developers to capture screen contents and record system audio without root access, and which has been part of the Android Framework since version 5.0. A screen recording can be started using a virtual module in the same way that an Android device might cast to a Google Chromecast.

The intended behavior is a pop-up message asking the user for permission to start casting or recording. The exploit draws an overlay on top of this permission pop-up, tricking the user into tapping a button which sits above the “allow” position on the original pop-up.

The recommended solution is to upgrade to Android 8.0, something which all Android users know is easier said than done on most devices which aren’t on a manufacturer’s upgrade list or don’t have good third-party ROM support. The latest statistics on Android version adoption show that 77.5 percent of devices are running one of the vulnerable versions of Android from 5.0 to 7.1.

Fortunately for those who can’t upgrade, the attack is detectable with a little vigilance. Because this method relies on creating a virtual display using the MediaProjection service, it causes Android to show the screencast icon in the notification bar (the same one that you see when using a Chromecast). Any sighting of this symbol when not using screencasting should therefore be an immediate giveaway that something is amiss.


Example of the screencast notification. (Source: MWR InfoSecurity)

Craig Ward, 2017-11-18 (Update: 2017-11-18)
Craig Ward - News Editor