Interesting attack vector
01-21-2011, 05:54 AM
Post: #1
Interesting attack vector

01-21-2011, 01:20 PM
Post: #2
RE: Interesting attack vector
Thanks for the link Skooter! That surreptitious inter-App communication is a fancy trick indeed.

Frankly, it's pretty obvious that having a sound recording app running while entering credit card details is a BAD idea. Even if you were entering into a website using the onscreen keyboard, it's possible (as shown by some recently released App that I've totally forgotten the name of that maps sounds that you make by tapping the phone case to actions you want) to map the case sounds of pressing each key, so this isn't just a problem when phone calls are made.

Google Nexus One @ froyo [2.2.1] | Huawei IDEOS u8150 @ froyo [2.2] | HTC Wildfire @ eclair [2.1-update1] | emulator @ whatever
Android releases: - WeatherCell.net Australia BETA - SnowCell.net Australia Ski Slopes
01-22-2011, 02:31 AM
Post: #3
RE: Interesting attack vector
(01-21-2011 01:20 PM)coder Wrote: Thanks for the link Skooter! That surreptitious inter-App communication is a fancy trick indeed

Agreed. But I think the point is that you don't have the recording app running when entering credit card details; the attacker could use the recording app as an excuse for the required permissions, then have the attack fire up in the background whenever it registers a vocal input/touch input.
01-25-2011, 11:47 AM
Post: #4
RE: Interesting attack vector
"The collector monitors the phone state and makes a short recording of the calls it deems interesting based on a profile database."

So FauxRecordingApp is running all the time anyway, hence capable of mapping the sound of touching the case of the phone when using the browser, for example...which was my point, this is not just limited to phone calls.

Another thing is the 2nd App needs to be installed (User needs to be duped into installing it, and unless it is a "must have" addition to the FauxRecordingApp, that is going to be a tricky task).
01-25-2011, 08:58 PM
Post: #5
RE: Interesting attack vector
Yep, this is true.
The FauxRecordingApp could be a real recording app, but with a Service running in the background to listen for phone calls/button beeps. Thankfully, it's not a flawless attack vector, but a pretty open one.