Android Security Hole Grows

Android Security Hole Grows

  • By Sydny Shepard
  • May 18, 2016

In March, security researchers at Skycure discovered a theoretical attack that involves the exploitation of two Android features that can be used together to take complete control over a victims phone or tablet. Now, those same researchers believe they’ve found event more ways to exploit more versions of the Android OS.

In March, Skycure said they believed 66 percent of Android phones and tablets could be hacked; now the number has been increased to 95.4 percent, or 1.34 billion devices.

By using an Accessibility Clickjacking Exploit, the researchers were able to leverage Android feature “Accessibility Service” along with a second feature built into the Android OS that allows you to draw over other apps. According to the security firm, all versions of the Android OS that came before 6.x Marshmallow are vulnerable to this clickjacking hack.

In order to tap into the vulnerability, a hacker would create a game or application that would run in an overlay window on top of the Android home screen. While the app was running, it would open up the Accessibility Services settings. The game would trick the user into tapping areas of the overlay screen that would also be recognized in the underlying screen. Using this method, an attacker could also trick you into tapping the right sequence of settings to hand over control of your phone to a remote hacker.

This clickjacking method could allow the hacker to invisibly open and close settings and open malicious webpages that can install malicious software onto the phone or tablet. Skycure says this technique could also trick users into unknowingly approve the service’s permissions such as Device Administrator access.

“After presenting this research at RSA, confirmed on all Android versions through KitKat, it occurred to me that there may be a way to also run this on Android devices running Lollipop. My team was then able to test this and verify that Lollipop is also vulnerable to Accessibility Clickjacking,” Yair Amit, CTO and co-founder of Skycure, said in a blog post.

Google has acknowledged the vulnerabilities brought forward by Skycure calling it, “an example of nefarious use of genuine tech.” Google has turned off, by default, the overlay feature in the Android 6.x OS. Users who want to take advantage of overlay screens in Android 6.x and above will have to opt-in to the feature.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • 2025 Gun Violence Statistics Show Signs of Progress

    Omnilert, a national leader in AI-powered safety and emergency communications, has released its 2025 Gun Violence Statistics, along with a new interactive infographic examining national and school-related gun violence trends. In 2025, the U.S. recorded 38,762 gun-violence deaths, highlighting the continued importance of prevention, early detection, and coordinated response. Read Now

  • Big Brand Tire & Service Rolls Out Interface Virtual Perimeter Guard

    Interface Systems, a managed service provider delivering remote video monitoring, commercial security systems, business intelligence, and network services for multi-location enterprises, today announced that Big Brand Tire & Service, one of the nation’s fastest-growing independent tire and automotive service providers, has eliminated costly overnight break-ins and significantly reduced trespassing and vandalism at a high-risk location. The company achieved these results by deploying Interface Virtual Perimeter Guard, an AI-powered perimeter security solution designed to deter incidents before they occur. Read Now

  • The Evolution of ID Card Printing: Customer Challenges and Solutions

    The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now

  • TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

    Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now

  • Brivo, Eagle Eye Networks Merge

    Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.