Malware is the major problem on android for obvious reasons, but that doesn't make the underlying threats any less troubling. New threats are being discovered all the time, and as the platform grows - with over 1.5 million Android devices being activated every day - the potential to infect ever more devices grows too.
Third-party Android stores fare considerably worse. according to Forbes, in one third-party store, a staggering 33% of apps were found to be infected.
The app was developed by researcher Simon Szydor, Google’s Play Store is already full of Android spyware apps which allow users to take covert photos switching off sound effects and LEDS but he aimed to create one which could take pictures without the user knowing at all.
Initially started with low-level USB hacking, but despite genuine efforts I found nothing really interesting. Further experiments seemed really boring to me, because they in general involved trying various different cameras and hours of starting at LED light hoping the camera light won't blink.
Technical Details
What he wanted to take pictures without user knowing, but at any time, not only when the app is on. I started googling and first thing that I found is that using Camera technically requires a preview to be displayed on screen in order to take video, but background services do not have associated visible activity. But let's not get discouraged an keep trying.
I wrote a small camera app for my Nexus 5. My first approach was to create a View object that is not attached to any activity and feed preview to that object. That fails.
The I remembered something that later turned out to be very relevant. Facebook messages draws to the UI, even when the app is not technically running:
This turned out to be indeed the right track. I attached preview to the screen from the background service and indeed I was able to take a photo! This is not yet ideal - the preview is visible on the screen user can clearly see that something is going on. But then I tried to remove it. Here's a list of approaches:
- Make preview invisible - failed: Android just ignores this setting for preview
- Make preview transparent - failed: Android just ignores this settings for preview
- Cover preview by another view - partially failed: the view on top is still obstructing the screen
- Make preview 1x1 pixel - successful
The result was amazing and scary at the same time - the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.
How can you protect yourself form malicious apps?
If you are as disturbed by this find as I am you will start asking what can we do to avoid such situations. The bad news is that it's kind of a cat and mouse game - no matter how hard you try attackers can find more ways to obfuscate malicious activity. The good news is there are some ways that seem (at least given my current knowledge hard to circumvent:
- Pay attention to permissions (for example does Simple Notepad* really need access to your camera?)
- Keep your Google Account secure - if somebody can access your Google account they can install apps on your phone remotely without you approving it! Set up two step verification. Change your password from time to time. Set up secure password.
- Uninstall unused apps.
- High battery consumption (settings -> battery), and high bandwidth (settings -> data usage) are potential culprits
- Look at the background services that are running (settings -> apps -> running) - does Simple Notepad* really require background service
- Swiping app out of application list does not switch off background services (if you want to completely switch it off go to App Info (long press app icon inside menu and drag it to app info section) and click force stop - this ensures no background services are running.
No comments:
Post a Comment