Report it to Google and watch the inaction rollout across the platforms.
'Cloak and dagger' vuln rolls critical hit against latest Android versions
A distinct class of Android vulnerability has been unearthed by computer scientists at the Georgia Institute of Technology in Atlanta. "Cloak and dagger" is a new kind of attack vector affecting Android devices (including the latest version, 7.1.2). "Attacks allow a malicious app to completely control the UI feedback loop and …
COMMENTS
-
Thursday 25th May 2017 15:54 GMT Graham Cobb
30 year old bug re-emerges on Android
Wow. I remember when computers started requiring that you press BREAK before they would give a login prompt, because people wrote programs that made it looked like the terminal was waiting for login and captured passwords. I think it was VAX/VMS V2, in the 1980's, which first introduced it (at least to me).
Microsoft adopted the same strategy with requiring CTRL-ALT-DEL before you could login.
But someone forgot about this and started writing phone OS's that allow apps that require passwords and you can't use a secure gesture to make sure you are really talking to the right app?