Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

Screen/Audio Capture Vulnerability Impacts Lion's Share of Android Devices

A vulnerability that allows malicious applications to capture screen contents and record audio without a user’s knowledge impacts over 78% of Android devices, researchers claim.

The issue is caused by the MediaProjection service introduced by Google in the Android Framework on Android 5.0. This service allows applications to capture the screen or record audio without special permissions, by simply requesting access via an Intent.

Prior to Android 5.0, an application would either have to run with root privileges or be signed with the device’s release keys to use system protected permissions to capture screen contents, MWR Labs security researchers explain. With the introduction of MediaProjection, no permissions are required in the AndroidManifest.xml to use the service.

When an application requires access to this system Service, a SystemUI pop-up is displayed to warn the user that the program wants to capture the screen. According to MWR, however, an attacker could overlay...(continued)

View All Trending Stories