TWSL2011-008: Focus Stealing Vulnerability in Android

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in Android. Android is an open-source software stack for mobile devices which includes an operating system, key applications, and middleware.

The vulnerability was discovered by Sean Schulte, who is a member of the Trustwave SSL team. Sean discovered a method which allowed him to steal a user's credentials when they log into an application on their Android device. The attack requires the installation of a malicious application, and that application must be explicitly configured to steal credentials from another application. For example, the malicious application may be configured to only steal credentials from a specific banking application. 

The attack takes advantage of flaw which allows an application to create an overlay screen that can look identical to another application's login screen. When the user logs into that overlay, the credentials would then be sent to the correct application, with the victim being none the wiser. These credentials can then be sent to the remote attacker, giving that person access to the victim's account. 

For further details on the attack, please view the full advisory at the following address:

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-008.txt
 

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.