Android devices running Lollipop, Marshmallow and Nougat are affected by a newly reported exploit that tricks users into allowing their screens to be recorded without their knowledge.
American cybersecurity firm MWR InfoSecurity reports that the vulnerability has been present since 2014, when Android 5.0 Lollipop was launched and Android's MediaProjection framework was introduced. The framework gives application developers the ability to capture a phone's screen content and to record system audio.
"With MediaProjection, application developers no longer need root privileges nor do they require to sign their applications with the device's release keys. Furthermore, there are no permissions that are required to be declared in the AndroidManifest.xml in order to use the MediaProjection service," reads the MWR report.
"To use the MediaProjection service, an application would simply have to request access to this system Service via an Intent. Access to this system Service is granted by displaying a SystemUI pop-up that warns the user that the requesting application would like to capture the user's screen."
Cybercriminals have been found to be able to overlay this SystemUI pop-up with their own program, which presents an arbitrary message. This message is said to deceive the user into granting the attacker's program the ability to record the phone's screen.
Android devices running Oreo are safe from this attack, since the issue has been patched in the latest version. However, Lollipop, Marshmallow and Nougat devices remain vulnerable unless their owners are able to update them. Unfortunately, some older phones and tablets will be stuck with this vulnerability if they are not eligible for the Android 8.0 Oreo upgrade.
At the moment, it remains unclear whether Google plans to fix the exploit. App developers, on the other hand, can protect users by enabling the FLAG_SECURE layout parameter. Otherwise, Android users remain defenceless.
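One way an app can apply the FLAG_SECURE mitigation to all of its screens, shown as an added example that is not taken from the MWR report or the original article; the package and class names are hypothetical. FLAG_SECURE only keeps this app's own windows out of screenshots and non-secure displays such as a MediaProjection capture; it does not fix the pop-up overlay issue in the operating system.

```java
package com.example.secureapp; // hypothetical package name

import android.app.Activity;
import android.app.Application;
import android.app.Dialog;
import android.os.Bundle;
import android.view.Window;
import android.view.WindowManager;

/**
 * Hypothetical Application subclass; register it with android:name on the
 * <application> element in AndroidManifest.xml. It marks every activity
 * window as secure so that no screen is missed by a per-activity opt-in.
 */
public class SecureApp extends Application {

    @Override
    public void onCreate() {
        super.onCreate();
        registerActivityLifecycleCallbacks(new ActivityLifecycleCallbacks() {
            @Override
            public void onActivityCreated(Activity activity, Bundle state) {
                // Dispatched from Activity.onCreate(), before the window is shown.
                secure(activity.getWindow());
            }
            // The remaining callbacks are required by the interface but unused.
            @Override public void onActivityStarted(Activity a) { }
            @Override public void onActivityResumed(Activity a) { }
            @Override public void onActivityPaused(Activity a) { }
            @Override public void onActivityStopped(Activity a) { }
            @Override public void onActivitySaveInstanceState(Activity a, Bundle out) { }
            @Override public void onActivityDestroyed(Activity a) { }
        });
    }

    /** Dialogs own a separate window, so call this before dialog.show(). */
    public static void secure(Dialog dialog) {
        secure(dialog.getWindow());
    }

    private static void secure(Window window) {
        if (window != null) {
            // Set the flag and use it as its own mask so other flags are untouched.
            window.setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                            WindowManager.LayoutParams.FLAG_SECURE);
        }
    }
}
```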