Android devices on older firmware exposed to security vulnerability, warns SingCERT

SINGAPORE: Android devices running on operating system versions 9.0 and earlier - or about 90 per cent of users - may be exposed to a security vulnerability that could allow attackers to hijack an installed application and gain unauthorised access to sensitive data.

The vulnerability, dubbed StrandHogg 2.0, could give hackers access to messages, photos, login credentials and GPS geo-locations, or allow them to spy through the device's camera and microphone, said the Singapore Computer Emergency Response Team (SingCERT) in an alert on Wednesday (May 27).

StrandHogg 2.0 is the "evil twin" to an earlier vulnerability with the same name, said Norwegian security firm Promon, which discovered both vulnerabilities. 

It works by mirroring the appearance of legitimate apps: When a user clicks on the icon of a legitimate app, a malicious login page is displayed on the screen, tricking victims into providing their information.

"If the victim then inputs their login credentials within this interface, those sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps," said Promon on its website.

Android users should only download applications from the official Google Play Store, said SingCERT.

They should also update their devices to the latest firmware once it is available, said SingCERT.

The current latest version of the operating software is Android 10.

A significant portion of Android users worldwide are on older versions of Android, said Promon, citing data from Google, meaning a large percentage of users are at risk of the vulnerability. 

"As of April 2020, 91.8 per cent of Android active users worldwide are on version 9.0 or earlier," the firm said.