[ars] Android "Strandhogg" Vulnerability being Exploited - Overclock.net - An Overclocking Community

post #1 of 42 - 12-03-2019, 04:21 AM - airisom2 (Thread Starter)

Quote:
A vulnerability in millions of fully patched Android phones is being actively exploited by malware that's designed to drain the bank accounts of infected users, researchers said on Monday.

The vulnerability allows malicious apps to masquerade as legitimate apps that targets have already installed and come to trust, researchers from security firm Promon reported in a post. Running under the guise of trusted apps already installed, the malicious apps can then request permissions to carry out sensitive tasks, such as recording audio or video, taking photos, reading text messages or phishing login credentials. Targets who click yes to the request are then compromised.
Source
Promon

They got me. I have a banking app on my phone, and I got an email about an incorrect password even though I never signed on. Might be a good idea to reset all of your phones and really comb through what app permissions you're allowing.

post #2 of 42 - 12-03-2019, 05:12 AM - Catscratch
Did you or do you ever install APKs outside the Play Store? I never do. I know lotsa people go for custom-made camera apps and similar.

post #3 of 42 - 12-03-2019, 07:22 AM - airisom2 (Thread Starter)
Yeah, they're F-Droid and NewPipe. I think F-Droid did a weird update about a week ago, or around the time I got that email.

post #4 of 42 - 12-03-2019, 07:28 AM - speed_demon
Figured it was only a matter of time before vulnerabilities started getting more complex. This one isn't terribly complex but by the time it hits the news it's already outdated and criminals are using something newer and better.

I personally switched to doing my banking in a B&M location, and even that has its own unique vulnerabilities. Wouldn't be difficult to buy the house next door to my physical bank and set up a camera to watch the teller's monitor through all those modern wall-to-ceiling windows.

It's a shame there will always be criminals on the lookout for any edge they can get to pilfer other people's money.

post #5 of 42 - 12-03-2019, 08:05 AM - rluker5
Thanks. Guess it's time to clear all of my phone browser data.

post #6 of 42 - 12-03-2019, 11:54 AM - skupples
and this is why my phone does three things.

call
text
browsing
GPS

no banking, no shopping.

I'll pull out my laptop if I need to handle a venmo

ease of access and speed of completion rarely outweigh the risks these days.

post #7 of 42 - 12-04-2019, 05:35 AM - xJumper
Quote: Originally Posted by skupples
and this is why my phone does three things.

call
text
browsing
GPS

no banking, no shopping.

I'll pull out my laptop if I need to handle a venmo

ease of access and speed of completion rarely outweigh the risks these days.
My opsec is to always consider mobile devices compromised, no matter what.

That being said, this is likely to be fixed in the January 5th Android Security Patch if they're not already looking for a way to jam it into the December 5th one, so at most a month of running with your pants down.

I don't think F-Droid was targeted as an injection route for this type of malware though; their standards to get on their repo, rebuildability and signature check really prevent that. All the more reason people should use F-Droid more instead of the malware cesspool Google Play is.

post #8 of 42 - 12-04-2019, 08:42 AM - 8051
Quote: Originally Posted by speed_demon
Figured it was only a matter of time before vulnerabilities started getting more complex. This one isn't terribly complex but by the time it hits the news it's already outdated and criminals are using something newer and better.

I personally switched to doing my banking in a B&M location, and even that has its own unique vulnerabilities. Wouldn't be difficult to buy the house next door to my physical bank and set up a camera to watch the teller's monitor through all those modern wall-to-ceiling windows.

It's a shame there will always be criminals on the lookout for any edge they can get to pilfer other people's money.
I remember some ten years ago there were criminals who were modifying ATMs with their own disguised add-on card readers so that they could:
a. get your ATM card's magnetic signature
b. get your PIN code
c. then spit back out your ATM card

I'm not sure how successful these types of scams were. I'd think such scams would quickly be uncovered.
post #9 of 42 - 12-04-2019, 08:47 AM - speed_demon
By the time those card skimmers hit the Midwest US they were low-profile and designed to be mass-produced cheaply. There was a big deal about it because someone of importance locally fell victim to one, and then the news started teaching people how to ID skimmers and what to look for on various machines.

I recall one being found on a pump at my favorite gas station too but I learned of it from word of mouth. Never heard a word about it on the news and I reckon Kwik Trip didn't want that type of thing getting out and tarnishing their reputation.

post #10 of 42 - 12-04-2019, 09:02 AM - 8051
Quote: Originally Posted by skupples
and this is why my phone does three things.

call
text
browsing
GPS

no banking, no shopping.

I'll pull out my laptop if I need to handle a venmo

ease of access and speed of completion rarely outweigh the risks these days.
What about email? Not even that?