The release of Android 2.3 (Gingerbread) added a new attribute to the View class: filterTouchesWhenObscured. This attribute is a fix to a problem a member of our team found that we reported to the Android Security Team. TapJacking, similar to ClickJacking attacks in web UIs, allows an attacker to hijack touchscreen activity in native Android applications. A malicious app could trick the user into interacting with potentially sensitive Activities. We have written up a detailed post explaining the problem and a little bit about using the new method/attribute in development to protect against this. We have also posted a video POC of the problem. Thanks to the Android Security Team for getting this fix put into the latest release!
Detailed Post: http://blog.mylookout.com/2010/12/android-touch-event-hijacking/
Proof of Concept Video: http://vimeo.com/17648348
Advisory: http://blog.mylookout.com/look-10-007-tapjacking/

-Anthony
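
One way to use the new attribute on a sensitive control, as an added example that is not part of the original post or the linked write-up. The class name SecureButton and the package name are hypothetical; the View and MotionEvent calls require API level 9 (Android 2.3).

```java
package com.example.tapjacking; // hypothetical package name

import android.content.Context;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

/**
 * Button for sensitive actions (grant, pay, confirm) that discards
 * touches delivered while another window covers this one.
 */
public class SecureButton extends Button {
    private static final String TAG = "SecureButton";

    public SecureButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Same effect as android:filterTouchesWhenObscured="true" in layout XML.
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        // The framework sets this flag when the window that received the event
        // is partly or wholly obscured by another visible window above it.
        boolean obscured =
                (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        if (obscured) {
            // Record the dropped touch so the condition shows up in logs.
            Log.w(TAG, "Touch discarded: window is obscured by another window");
            return false; // false tells the framework to drop the event
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

On Android versions before 2.3 neither the attribute nor these methods exist, so the control receives touches unfiltered there.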
