But, mobile threat defense enterprise Skycure researchers believe that the attackers are using the Click-Jacking equipment which soon became quite common. With this exploit, a hacker could persistently monitor all of a victim’s activity, and can read possibly compose corporate emails and documents via the victim’s device. In March of this year, experts have shown how Android Accessibility Service function can be exploited to gain control over the device. They have developed a PoC-exploit in the form of the game, playing in which the user inadvertently activate the Accessibility Service on the device.
Once the feature is enabled on the device, an attacker can monitor all users activity, view and compromise corporate e-mail and documents, as well as change the administrator or create a new administrator as we mentioned earlier. Hence, this will allow the offender to encrypt or delete all the data on your mobile device. Earlier at that time, the security experts and researchers believed that the method only works on the devices which runs on the Android version 4.4 (KitKat) and below. However, as it turned out, hence, it exposed the vulnerability in the newer Android OS versions (Android 5.0 and above) as well, notwithstanding the additional protection, implemented by the tech giant Google. According to the security experts and researchers, 95.4% Android devices are vulnerable to the attacks which are using the clickjacking technique to gain the accessibility. Moreover, the mobile threat defense enterprise Skycure’s security experts and specialists informed about the problem to the tech giant Google’s developers. But, the tech giant Google refused to fix or patch the vulnerability, as it describes to the mobile threat defense enterprise Skycure, that it as an acceptable risk.
Δ
