Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Patches Android Icon Hijacking Vulnerability

Researchers at FireEye have identified a vulnerability affecting Google Android that could be exploited to lead users to malicious sites.

Researchers at FireEye have identified a vulnerability affecting Google Android that could be exploited to lead users to malicious sites.

According to FireEye, the issue allows a malicious app with ‘normal’ protection level permissions to target legitimate icons on the Android home screen and modify them to point to attack sites or the malicious app itself without notifying the user. The issue has been acknowledged by Google, which has released a patch to its OEM partners, the security researchers blogged.

“The ability to manipulate Android home screen icons, when abused, can help an attacker deceive the user,” the FireEye researchers explained. “There’s no surprise that the com.android.launcher.permission.INSTALL_SHORTCUT permission, which allows an app to create icons, was recategorized from ‘normal’ to ‘dangerous’ ever since Android 4.2.”

Though the researchers called this an important security improvement, they noted an attacker can still manipulate Android home screen icons using two normal permissions – ‘com.android.launcher.permission.READ_SETTINGS’ and ‘com.android.launcher.permission.WRITE_SETTINGS.’

According to the researchers, these two permissions enable an app to query, insert, delete or modify the configuration settings of the Launcher. However, these two permissions have been labeled as ‘normal’ since Android 1.x.

“As a proof of concept attack scenario, a malicious app with these two permissions can query/insert/alter the system icon settings and modify legitimate icons of some security-sensitive apps, such as banking apps, to a phishing website,” the researchers explained. “We tested and confirmed this attack on a Nexus 7 device with Android 4.4.2…Google Play doesn’t prevent this app from being published and there’s no warning when a user downloads and installs it.”

“Lastly, this vulnerability is not limited to Android devices running AOSP,” the researchers continued. “We have also examined devices that use non-AOSP Launchers, including Nexus 7 with CyanogenMod 4.4.2, Samsung Galaxy S4 with Android 4.3 and HTC One with Android 4.4.2. All of them have the protection levels of com.android.launcher.permission.READ_SETTINGS and WRITE_SETTINGS as “normal”.”

Just recently, Google announced extra protection for Android that will continuously scan devices to make sure applications are not performing malicious actions after installation. 

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.