Clickjack Exploit Affects Android 4.4 KitKat And Older


Vulnerabilities and hacks pop up all the time, springing from just about every conceivable method and corner of the internet. Some may be fairly innocuous, while some, such as the late Heartbleed and Stagefright scares, can be devastating and widespread to the point that they become widely known. Exploits often take place in apps not officially sanctioned by the Play Store, though it is far from an infallible app resource. The newest exploit found comes to us courtesy of Skycure's research labs, where an exploit in Android 4.4 and older has been found. The exploit takes advantage of clickjacking, where a click or tap in an app actually has hidden functions and consequences. In this case, it uses Android's accessibility settings to gain control of a system and monitor everything that happens on the device.

In the demonstration shown below, SkyCure shows off a game based on the Adult Swim show Rick & Morty. In the game, users tap a character that pops up repeatedly. When doing this, however, they're actually making clicks that will allow the app to have privileges as a Device Administrator, a level of control usually reserved for system apps, Google apps and anti-malware apps, among very few other types of apps. From there, it hooks into the device's accessibility framework. The framework is designed to help users that are visually or hearing impaired, meaning it has access to a wide range of device functions. After that, they demonstrate a message being typed in the Gmail app being captured keystroke for keystroke. With that kind of privilege, of course, the exploit can exert much more control over your device than that.


The hooks and ladders used by the exploit were pre-patched in Android 5.0 Lollipop and above, but use of Android 4.4 KitKat is still widespread, even on brand new devices in the low end of the market. There are also many people out there using legacy devices that may be vulnerable. According to one of SkyCure's researchers, the only permission the exploit needed to work was to draw over other apps, meaning an app with this exploit could very well make it into the Play Store. Users are cautioned to avoid venturing outside the Play Store if possible and, if they must download elsewhere, be mindful of the permissions. If you suspect your system has been compromised via this exploit, check your security settings; the device administrators option will show any apps that have such permissions.

Share this page

Copyright ©2016 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments