π

Consider Your Smartphone a Tainted Device

Show Sidebar

These days, a new attack method named «Cloak and Dagger» was published.

Basically it uses two rather innocent permissions to capture user input (via keyboard) and inject arbitrary commands. It's not the usual attack vector based on a memory leak or similar. This is very hard to fix for Google since it may require changes in the underlying architecture of Android.

This is just one example of many where smartphones can be attacked so that the attacker is able to do anything the owner is able to do and often more.

Therefore, it is a very bad idea to put sensitive information on your smartphone or even do banking with it. This also includes receiving transaction numbers (TANs) which can be intercepted, modified, or suppressed in multiple ways.

Consider your smartphone a tainted device.

Comment via email (persistent) or via Disqus (ephemeral) comments below: