Experts warn of 'cloak and dagger' Android attack

Permissions to accesses certain features on an Android have been found to be used by hackers to takeover the device. Scroll down for video The attack, dubbed 'Cloak and Dagger', enables cyberthieves to control handsets by overlaying the interface with false information to hide malicious activities being performed underneath CLOAK AND DAGGER Georgia Institute of Technology has identified two different Android features that when combined, allow an attacker to read, change or capture the data entered into popular mobile apps. 'In Cloak and Dagger, we identified two different Android features that when combined, allow an attacker to read, change or capture the data entered into popular mobile apps,' said Wenke Lee, a professor in Georgia Tech's School of Computer Science and co-director of the Institute for Information Security & Privacy. 'The two features involved are very useful in mapping, chat or password manager apps, so preventing their misuse will require users to trade convenience for security.' But because it involves two common features that can be misused even when they behave as intended, the issue could be more difficult to resolve than ordinary operating system bugs While both permissions have been used separately as user-interface redressing attacks and 'a11y attacks,' previous research did not examine what happens when they are combined, noted Simon P. Chung, a research scientist at Georgia Tech's School of Computer Science and one of the study's co-authors.