CAT | Android
Researcher Szymon Sidor has created an app that will stealthily activate the camera on an Android phone. The trick is bypassing the requirement in Android to have a preview window open any time the camera is active. Szymon’s solution was to make the preview window only a single pixel.
From there, one can use the typical methods to hide the application and have it run in the background. Of course, the attacker still needs to get the app on the phone. Hiding this functionality in some useful app on the Android app store is probably the most likely course.
This would be a good argument for keeping your phone in your pocket or purse, rather than sitting on a table with an interesting view.
This is episode 14 of the Privacy Blog Podcast for November, 2013.
In this episode I talk about:
How your phone might be tracked, even if it is off
The hidden second operating system in your phone
Advertising privacy settings in Android KitKat
How Google is using your profile in caller ID
and the lengths to which Obama has to go to avoid surveillance when traveling.
Infosec Institute published an article showing in detail how application signing on Android devices can be defeated.
This trick allows the attacker to modify a signed application without causing the application to fail its signature check.
The attack works by exploiting a flaw in the way signed files in the .apk zip file are installed and verified. Most zip tools don’t allow duplicate file names, but the zip standard does support them. The problem is that, when confronted with such a situation, the signature verification system and the installer do different things.
The signature verifier checks the first copy of a duplicated file, but the installer actually installs the last one.
So, if the first version of a file in the archive is the real one, then the package will check as valid, but then your evil second version actually gets installed and run.
This is another example of vulnerabilities hiding in places you least expect.
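An added example (not from the Infosec Institute article or this post) of a defensive check for the condition described above: it reports entry names stored more than once in an archive and returns the first and last copy so a reviewer can compare them. The function names, the sample archive and its file contents are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import defaultdict


def find_duplicate_entries(archive_bytes):
    """Return {name: [entry indexes]} for every name stored more than once."""
    positions = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        # infolist() keeps every central-directory record, in stored order.
        for index, info in enumerate(zf.infolist()):
            positions[info.filename].append(index)
    return {name: idx for name, idx in positions.items() if len(idx) > 1}


def first_and_last_copy(archive_bytes, name):
    """Return the bytes of the first and the last entry stored under `name`."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        copies = [info for info in zf.infolist() if info.filename == name]
        # Reading by ZipInfo object selects that exact record, not a name lookup.
        return zf.read(copies[0]), zf.read(copies[-1])


def build_sample(entries):
    """Constructed sample archive from an ordered list of (name, data) pairs."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries:
                zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed input: one name appears twice with different contents.
    sample = build_sample([
        ("AndroidManifest.xml", b"manifest"),
        ("classes.dex", b"copy-A"),
        ("classes.dex", b"copy-B"),
    ])
    for name, indexes in find_duplicate_entries(sample).items():
        first, last = first_and_last_copy(sample, name)
        print(f"{name}: stored at entries {indexes}, contents differ: {first != last}")
```

Any name this check reports means a component that reads the first copy and one that reads the last copy will not be looking at the same file, so such a package should be rejected rather than verified.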