95.4% of All Android Devices Are Susceptible to Accessibility Clickjacking Exploits, says report

Skycure disclosed that more than a billion Android devices are vulnerable to accessibility clickjacking exploits. The vulnerability is expected to affect all Android devices except those running Android 6.x Marshmallow. It enables a malicious hacker to monitor the victim’s activity, read and compose corporate emails and documents, and remotely encrypt or wipe the device. In a mobile ransomware scenario, this will force the victim to pay money to regain access to their own device.

The hacker gets into the victim’s mobile device by combining two Android features: Accessibility Services and the ability to draw over other apps. This makes it possible to gain control of the mobile device, including acquiring elevated privileges and exposing the content of all apps on the device.

By combining these two features, a malicious hacker can trick a user into granting virtually unlimited permissions to their malware.

Skycure has released a video that examines how Accessibility Clickjacking exploits are carried out.

As the video shows, the user is taken to accessibility settings and prompted to navigate to the properties of the service we’re trying to enable. After that, the user is prompted to enable the selected device. Here, the user is forced to click on “the eye”, which is in fact the unobscured left part of the “OK” (approval) button.

To protect your device from Accessibility Clickjacking exploits, use an updated version of Android. It is also important to download only apps that are listed on the Google Play Store. You should also run an updated version of a Mobile Threat Defense solution.


Anand Narayanaswamy is the editor-in-chief of Netans. He was recognized as a Microsoft Most Valuable Professional (MVP) for 9 years (2002 to 2011) and again as a Microsoft MVP in Surface under Windows and Devices in January 2024. He worked as a Chief Technical Editor with ASPAlliance and was part of the ASPInsider program. Anand has published several articles and reviews related to various software and hardware products for various software and technology related websites. He is also active on social media and participates as an Influencer for various brands. Anand can be reached at admin@netans.com