Android Security News: MediaProjection Service Intensifies Screen and Audio Recording Vulnerabilities, Claims MWR Labs
Cybersecurity research firm MWR Labs recently released a study showing that Android's MediaProjection service puts users at greater risk from intrusive malware that can covertly take screenshots and record audio.
The study was written by MWR Labs' Amar Menezes and focused on Android versions 5.0 through 7.1.2. Earlier Android versions are not affected by the vulnerability described in the study, since the MediaProjection service was only introduced in Android Lollipop.
MediaProjection is the service that allows app developers to capture screen contents and record audio as part of their applications' features. It made screen and audio capture easier to implement because apps no longer needed root privileges to do it.
However, MWR Labs said the convenience that MediaProjection gave developers also increased the risk of users falling victim to attackers who spread intrusive malware.
"It was discovered that an attacker could overlay this SystemUI pop-up which warns the user that the contents of their screen would be captured, with an arbitrary message to trick the user into granting the attacker's application the ability to capture the user's screen," MWR Labs further explained.
Simply put, even suspicious app makers who spread compromised programs can use MediaProjection to attack once an Android user approves the permission request that pops up whenever apps are installed on the device.
As for what made MediaProjection an easy entry point for attacks, MWR Labs explained: "The primary cause of this vulnerability is due to the fact that affected Android versions are unable to detect partially obscured SystemUI pop-ups. This allows an attacker to craft an application to draw an overlay over the SystemUI pop-up which would lead to the elevation of the application's privileges."
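The missing check MWR Labs describes, detecting that a window is obscured or partially obscured before trusting a tap, is one app developers can apply to their own consent buttons. The following is an added example, not code from MWR Labs, Google or SystemUI; the class name `ObscurationAwareButton` is hypothetical, and it relies on the Android framework's touch-filtering hooks.

```java
// Added example: a confirmation button that refuses taps while another
// window is drawn over it. Class name is hypothetical.
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Button;

public class ObscurationAwareButton extends Button {

    public ObscurationAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Framework-level filter: drops touches when another visible window
        // covers the touched location (FLAG_WINDOW_IS_OBSCURED).
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();

        // Set when an overlay sits directly on top of the touched point.
        boolean obscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;

        // Set when an overlay covers some other part of this window, for
        // example the warning text, while leaving the button itself exposed.
        // The constant is only public from API 29 (Android 10) onward.
        boolean partiallyObscured =
                Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;

        if (obscured || partiallyObscured) {
            // Returning false discards the event, so no click is delivered.
            return false;
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

Rejecting partially obscured touches also blocks taps while legitimate overlays such as screen filters or floating chat bubbles are visible, so the app should tell the user why the button did not respond.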
Google had been notified about the issue before the release of MWR Labs' report, and the company issued a very limited patch. Unfortunately, the necessary security update was applied only to Android 8.0. And since Android Oreo has yet to become available for a number of other devices, about 77 percent of users are still at risk.