Researchers at Promon have revealed a new vulnerability that affects Android 9.0 and below called StrandHogg 2.0. According to the firm, this privilege escalation vulnerability allows hackers to gain access to almost all apps, luckily, it is not yet being used in the wild but once details are revealed about the exploit millions of Android users could be susceptible.
After the researchers reported CVE-2020-0096 to Google, the search giant labelled the exploit as a ‘critical severity’ problem.
According to Promon’s announcement, the bug allows malicious apps to assume the identity of legitimate apps while remaining completely hidden. Once the malicious app has been installed on the device, it can access personal data such as SMS messages, photos, login credentials, track GPS movements, make and record phone calls, and spy on the users via the camera and microphone.
Promon said that Google was notified about the vulnerability on 4 December 2019, giving it more than five months to work on a patch before the bug was publicly disclosed. Google has now rolled out a patch to its Android ecosystem partners (April 2020) and eligible users running Android 8.0, 8.1, and 9.0 will be offered the update. Despite this, OEMs aren’t particularly good at keeping some of their devices up to date so millions may be exposed to this issue.
To compound problems, StrandHogg 2.0, unlike its more primitive predecessor, is more difficult for anti-virus and security scanners to detect, therefore, end users may never know they’ve installed StrandHogg-exploiting software and could be vulnerable to attack.