Mobile Android cryptocurrency wallet users are at risk for hacking because of a new vulnerability that allows the MediaProjection service to capture the user’s screen and audio content. More than three-quarters of all Android users are at risk, as the bug affects the Lollipop, Marshmallow and Nougat platforms.
Have you read or do you recall the article: Crypto Mobile App Increasing Usability Of Bitcoin
Today, we want to focus on the security breach that exist amidst the development.
Google has accidentally created the risk, since the release of Lollipop 5.0. Prior to this release, the MediaProjection functionality was only available to system-level applications and through release keys. All new systems since have been vulnerable to this type of data attack.
Apparently, when a hacker seeks to start recording screen information, a popup will appear, informing the user. However, hackers are able to cover that popup with a second popup in a process called ‘tapjacking.’ According to experts on the topic:
“Furthermore, the SystemUI pop-up is the only access control mechanism available that prevents the abuse of the MediaProjection service. An attacker could trivially bypass this mechanism by tapjacking this pop-up using publicly known methods to grant their applications the ability to capture the user’s screen.”
Google has offered a patch in the Oreo (8.0) version, but all previous versions are at risk. Cryptocurrency users who access private wallets on mobile devices could very easily have their wallets hacked via this system and are encouraged to upgrade to the latest system for protection.
At Altecho Trading and Exchange Limited- ATEL, we give you news, opinions, advice and research on Crypto-currency (eCurrency, digital currency), computer/general security issues and the latest internet threats.
Post Credit: ATEL + Jon Buck