• X
  • Listen in to our latest podcast!

    November 20, 2017

    New Android vulnerability threatens mobile cryptocurrency wallets

    android media projection service vulnerability

    A new vulnerability found within Android’s Media Projection service has threatened the security of mobile cryptocurrency wallets on the platform.

    Android may be the world’s forefront operating system – having overtaken Microsoft Windows earlier this year – yet that by no means equates the platform to being the most secure system around. Now, a newly discovered vulnerability tied to Android’s Media Projection service threatens the use of mobile cryptocurrency wallets.

    Android’s Media Projection service handles recording screen and audio content on the platform. As of Android 5.0 Lollipop, the service has been able to capture media from third-party as well as system applications.

    Read: New report shows intensification of North Korean assaults on cryptocurrency users, services

    Now, a newly discovered vulnerability within the service has given hackers an easy port of call to recover sensitive information from a target’s Android device – meaning that all users with devices running Android 5.0 Lollipop and above have been affected.

    While Android users traditionally see a pop-up indicating that their device is recording on-screen content, hackers are able to suppress this alert through a technique called ‘tapjacking’ – essentially giving themselves silent oversight of any Android device’s content.

    At the time of writing, Google has offered a security patch for Android 8.0 Oreo, but has not yet addressed the error on prior versions of the operating system.

    The news could be potentially crippling for users of mobile cryptocurrency wallets, which traditionally guard one’s funds from malicious access – cryptocurrencies such as Bitcoin have, in the past, proven an attractive swindle considering the difficulty associated with performing a refund.

    Android users leveraging a mobile wallet on their device should enable two-factor authentification – preferably with a different device – to prevent unauthorized access to their accounts.

    Read: Amazon has purchased three new cryptocurrency-based domain names

    What are your thoughts? Are you affected? Be sure to let us know your opinion in the comments below!

    Follow Bryan Smith on Twitter: @bryansmithSA

    Listen in to our latest podcast!