Android vulnerable to cyberattack: Union Home Ministry

A bug, ‘StrandHogg’, allows malware applications to pose as genuine applications

Updated - December 16, 2019 01:13 am IST

Published - December 16, 2019 01:12 am IST - CHENNAI

All versions of Android, including Android 10, are vulnerable to this bug

All versions of Android, including Android 10, are vulnerable to this bug

The Union Home Ministry has sent an alert to all States warning them about the vulnerability of the Android operating system to a bug called ‘StrandHogg’ that allows real-time malware applications to pose as genuine applications and access user data of all kind.

While all versions of Android, including Android 10, are vulnerable to this bug, it may not be apparent to the affected users that malware applications are already on board their device. These malware can then potentially listen to their conversations, access photo album, read/send messages, make calls, record conversations and get login credentials to various accounts.

This apart, things that such malware can access include private images, files, contact details, call logs, and location information.

The information was shared by the Threat Analytical Unit, Indian Cyber Crime Coordination Centre, Ministry of Home Affairs. “At least 500 popular apps are at risk because of this malware that hackers can deploy to attack mobile phone users. An alert has been sent to all senior police officials to sensitise them to the threat. Steps will be taken to create awareness among the public on the vulnerability of Android to ‘StrandHogg’,” a police official said.

Warning signs

Pop-ups asking for permission to send notifications, messages etc., are one of the main entry points for ‘StrandHogg’ to launch the attack. An app in which the user is already logged in asking him/her to login again is another anomaly pointing to the possibilities of a cyberattack. Once users approve such requests, the malware would instantly access the mobile phone or tablet for specific purposes. “It can activate the microphone, allowing a hacker in a remote location to listen to live conversations. The camera can also be switched on to capture visuals.”

Links and buttons that become non-functional, apps asking for permissions that are not required are among the other warning signs.

The Ministry also sent a detailed list of the modus operandi of the hackers and latest trends in cyberattacks for appropriate action of the States.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.