Strandhogg 2.0 Could Affect More Than A Billion Android Devices


Back in the days when getting online meant connecting a Windows PC to the internet, antivirus protection was foremost in our minds. The very idea of sliding that ethernet cable into position without suitable protection would have been as dangerous and irresponsible as – well, you can come up with your own comparison.

These days, we are far more blasé, using our mobile devices to get online and feeling far removed from the world of malware. Unfortunately, however, mobile viruses do exist, and as the world becomes mobile-first, it is inevitable that hackers will do likewise. Data protection and cybersecurity experts are reporting a growing number of viruses aimed specifically at exploiting Android vulnerabilities. Strandhogg 2.0 has the potential to be the most dangerous yet.

Significant risk


The vulnerability was announced in Android’s May security update. It can affect any Android device except those that are running Android 10. Data analysts estimate that only around 16 percent of Android users are doing so, and there are believed to be more than two billion Android devices in use. That means the total number of vulnerable devices is well over a billion and could even be north of 1.5 billion.

The bug is more than an inconvenience. Malware that exploits it hides in plain sight, disguising itself as other legitimate apps that are already installed on the phone and asking the user to enter security credentials. It can also siphon personal information through the permissions granted to other apps.

Hard to detect


The vulnerability was detected by Promon, the Norwegian cybersecurity firm that blew the whistle on the original Strandhogg vulnerability last year. The good news is that Promon has found no evidence that Strandhogg 2.0 has been exploited in “active hacking campaigns.” A Google spokesperson said they too have seen nothing to suggest active exploitation.

However, Promon caveated its comments with the warning that there is no obvious way to detect an attack. Strandhogg 2.0 requires no external configuration, as it simply reflects legitimate apps, leaving no traceable markers or suspicious-looking code. It can attack almost any app, and due to its stealth and potential for mischief-making, Promon delayed going public about it until Google had come up with a solution.

How to protect yourself


If you own one of the estimated 1.6 billion devices running Android 9.0 or earlier, you need to be concerned about Strandhogg 2.0. The positive news is that protecting yourself from the vulnerability is not a complicated task.

The simplest way is to update your operating system to Android 10. This is not, of course, going to be possible on every device. When Google released its monthly security update in May, it did more than warn against the critical vulnerability. It also included a patch that will protect the device and make it invulnerable to Strandhogg 2.0 in the same way as those running Android 10. Just keep in mind that many older phones will not install the update automatically and will need user intervention.