Today I delivered a webinar on the devastating new Android vulnerability, Accessibility Clickjacking, and how to protect your organization from becoming a victim. I performed a live demonstration of a malware exploit of the vulnerability that exposes any content presented on the device and gives full control of the device to the hacker. This exploit bypasses ALL security measures, including app sandboxing, encryption and even secure containers. See a recording of the webinar here: http://hubs.ly/H03hbB00.
Accessibility Clickjacking uses the otherwise benign graphic overlay feature of Android to trick a user into activating an accessibility service that grants unlimited rights to the malware app. Once the game has been completed, all textual information that appears on the screen can be viewed, stolen and manipulated, including messages, email, documents and authentications.
When first discovered by Skycure Research Labs in March 2016, it was believed that only Android versions through KitKat (4.x) were vulnerable, but a creative twist on the exploit, discovered by our own CTO Yair Amit, allows the exploit to work on every version of Android except Marshmallow (6.x), exposing over a billion Android devices to spying, manipulation and ransomware.
Skycure is currently the only solution in the world that can identify and protect from this type of attack. Be sure to learn about this exploit and how to defend your organization from it by watching the webinar.