Android's accessibility service grants god-mode p0wn power
Even factory reset cannot smite the foulness that is Shedun
Michael Bentley of security-through-analytics outfit Lookout has found Android malware that does not require user permission to install.
Bentley, Lookout's head of response, says the Shedun malware accomplishes the feat using Android's accessibility features.
Once installed, the malware uses the accessibility service to gain god-mode-like access to install apps and spew advertising across phone functions.
"These families root the victim’s device after being installed and then embed themselves in the system partition in order to persist, even after factory reset, becoming nearly impossible to remove," Bentley says.
"By gaining the permission to use the accessibility service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and finally, press the install button without any physical interaction from the user."
Shedun lies about the capabilities of the accessibility service in a bid to get users to approve the initial installation, claiming that users should 'feel at ease' about approving the accessibility service request.
Legitimate apps like LastPass and the popular Tasker use the accessibility service for functions like application password filling and to grant expanded capability to phone tinkerers. ®
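A defender's check for the abuse described above, added here as an example and not taken from Lookout or the original article: it lists enabled accessibility services whose package is not on an allowlist. The allowlist and all package names are constructed placeholders; the input is the value of Android's secure setting `enabled_accessibility_services`, read from a device with `adb shell settings get secure enabled_accessibility_services`.

```shell
#!/bin/sh
# Added example: flag accessibility services you did not knowingly enable.

# Packages deliberately granted accessibility access.
# Constructed placeholders, replace with your own list.
ALLOWED="com.example.passwordmanager com.example.automation"

# unexpected_services SETTING_VALUE
# SETTING_VALUE is the colon-separated list of "package/class" components
# stored in the secure setting enabled_accessibility_services.
# Prints one line per enabled component whose package is not in ALLOWED.
unexpected_services() {
    # adb output can carry CR/LF line endings; strip them first.
    value=$(printf '%s' "$1" | tr -d '\r\n')
    # An empty value or the literal "null" means no service is enabled.
    if [ -z "$value" ] || [ "$value" = "null" ]; then
        return 0
    fi
    old_ifs=$IFS
    IFS=:
    set -f                       # no filename globbing while splitting
    for component in $value; do
        IFS=$old_ifs
        [ -n "$component" ] || continue
        pkg=${component%%/*}     # package is the part before the slash
        case " $ALLOWED " in
            *" $pkg "*) ;;       # exact package match: expected
            *) printf '%s\n' "$component" ;;
        esac
    done
    set +f
    IFS=$old_ifs
}

# Constructed sample value: one allowlisted service, one unexpected one.
SAMPLE='com.example.passwordmanager/.FillService:com.example.flashlight/com.example.flashlight.HelperService'
unexpected_services "$SAMPLE"

# On a live device (requires adb and USB debugging):
#   unexpected_services "$(adb shell settings get secure enabled_accessibility_services)"
```

Any component this prints is an app that can read the screen and press buttons on the user's behalf, so it deserves the same scrutiny as a device administrator.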