Source: Android Central
What you need to know
- Security researchers have found another exploit similar to the original Strandhogg discovered back in December.
- This version is more sophisticated, allowing it to pose as a legitimate app that users are putting their passwords into permission hijacking.
- This exploit does not work with Android 10 and has been patched in the latest Android security fixes.
Looks like Strandhogg is back with an even more evil twin — and this is coming from someone who is an evil twin herself. Strandhogg 2.0, announced today by security researchers, once again tricks users into thinking that they're putting their passwords into a legitimate app when they're actually putting it into malware. The exploit is a more sophisticated version of the original Strandhogg exploit found back in December that made users think they were interacting with a legitimate website instead of a malware layer.
This new version only impacted Android 9.0 and below — Android 10 wasn't susceptible to it — and Google has said that this has been fixed the latest Android security patches for previous Android versions. When I asked out in-house security guru Jerry Hildenbrand about how worried the average user would need to be about it, he summed it up pretty easily:
It seems sophisticated, so its not very likely to have ever been found or used "in the wild". It was also patched in last security update, so even Google sees how important it was to close the hole even considering the above.
So, what happened here is the system seeming to work: some security researchers found an exploit, told Google and collected their bug bounty for it, Google patched the bug, and then the security researchers published what they found after most phones were protected by the new patch so that they could show off their work and remind us why security researchers matter.
Thanks, Promon, and nice logo.
Have you listened to this week's Android Central Podcast?
Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.
We may earn a commission for purchases using our links. Learn more.
The $169 Sonos Roam portable speaker just leaked and UE should be worried
Sonos is expected to announce its first truly portable Bluetooth speaker in less than a week, but official images and info have just been leaked days before the launch.
Review: Xplora X5 Play is a kids smartwatch with a lot of potential
Kids smartwatches are moving from only being a toy, to being full-fledged communication and safety devices. In that spirit, the Xplora X5 Play offers excellent, matured hardware with some fun ways to encourage children to be active. But does it all work in a cohesive package?
Top 5 things I want to see from the cheaper OnePlus 9R
I don't know about you, but I've been eagerly anticipating the launch of the OnePlus 9 series for months. I'm specifically excited about what the lower-cost, value flagship OnePlus 9R might look like. Here's a short wishlist of features that I hope it has.
Block ads, trackers and even some malware with the best Chrome ad blockers
Pop-ups, banners and video ads are at the very least annoying, but many also harbor malware. Here are some ad blockers to help cut through the noise.