Vigil@nce - Google Android OS: spoofing via Task Hijacking
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to install a malicious
application, which exploits the task system of Google Android OS,
in order to deceive the victim and obtain sensitive information.
Impacted products: Android OS.
Severity: 1/4.
Creation date: 21/08/2015.
DESCRIPTION OF THE VULNERABILITY
The Google Android OS product offers an interface allowing users
to perform several tasks simultaneously.
However, a malicious application can spoof the interface of
another application, and display it on top, in order to deceive
the user, who is not warned of this window change. Other attack
variants exist.
An attacker can therefore invite the victim to install a malicious
application, which exploits the task system of Google Android OS,
in order to deceive the victim and obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Google-Android-OS-spoofing-via-Task-Hijacking-17729