With Android powering more than 80% of smartphones today, attackers keep devising new techniques to exploit loopholes and vulnerabilities in order to steal user data or personal information from those devices.
This week at the RSA Conference in San Francisco, mobile security company Skycure demonstrated a new form of malware that puts more than 500 million Android users at risk. Termed “accessibility clickjacking,” it is essentially a malicious user-interface redressing technique that tricks smartphone users into tapping on something that appears innocuous but is in fact a different element from the one the victim believes they are tapping.
“Accessibility Clickjacking attack can allow malicious applications to access all text-based sensitive information on an infected Android device, as well as take automated actions via other apps or the operating system, without the victim’s consent. This would include all personal and work emails, SMS messages, data from messaging apps, sensitive data on business applications such as CRM software, marketing automation software and more.”
In a proof of concept at RSAC, Skycure demonstrated the attack: the victim plays a simple Rick and Morty themed rat-hitting game, but in the background the user’s taps are propagated to an underlying layer of the operating system, the Accessibility approval settings. By the end of the game, the victim has unknowingly granted Accessibility permissions to the malicious app. Once Accessibility has been granted on the device, the attacker can change admin permissions, encrypt the device’s storage, change or disable the security passcode, or even wipe the device remotely.
How can you safeguard your device from clickjacking attacks?
- Update the Android operating system to the latest version. You are safe if you are running Android 5.0 Lollipop or higher.
- Do not tap on any dialog boxes that pop up on your phone if you are not sure what caused them to appear.
- Do not install apps from third-party app stores unless you are 100% sure of their credibility.
- Use the Skycure app available here if you are running a vulnerable Android version. It should alert you to, and secure your device against, existing and future threats.
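For app developers, the standard Android defence against this kind of tap redressing is to refuse touches that arrive while another window is drawn over your own. The following is an added example (not Skycure's code, and not from the original post): a hypothetical `ObscuredAwareButton` for a sensitive approve/confirm action that drops any tap the system flags as obscured, so a transparent game layer cannot forward its clicks through to the underlying screen.

```java
import android.content.Context;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Button;
import android.widget.Toast;

// Hypothetical button for a sensitive action (e.g. approving a permission).
// Touches delivered while another window covers this view are discarded,
// which defeats an overlay that forwards the user's taps to a hidden dialog.
public class ObscuredAwareButton extends Button {

    public ObscuredAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Ask the framework to filter touches when the window is obscured
        // (equivalent to android:filterTouchesWhenObscured="true" in XML).
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        // The system sets FLAG_WINDOW_IS_OBSCURED when a window belonging to
        // another app is drawn on top of the one receiving this event.
        if ((event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
            Toast.makeText(getContext(),
                    "Tap ignored: another app is drawing over this screen",
                    Toast.LENGTH_SHORT).show();
            return false; // the touch is dropped and never reaches onClick
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

The same protection can be applied to any existing view via `setFilterTouchesWhenObscured(true)`; the subclass here only adds a user-visible warning so that an attempted overlay is noticeable rather than silently blocked.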