You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Task stack hijacking affects apps with startup modes of singletask and standard
We hijacked the task stack of the application by setting the same taskAffinity. When the user clicks on the application, what is actually displayed is the activity of the attack application we wrote (there is no interface switching process in the entire process, which is very hidden and difficult for the user to discover). By designing the activity in this way, we can mimic the login interface of the application, induce the user to log in, and steal the user's private password information
Reproduction method:
Write an attack application that hijacks the application's task stack by setting the taskAffinity attribute to the package name of soul
Expected behaviour
Repair plan
Set the taskAffinity property of the application's activity to empty
When the APP is initially enabled, check whether the number of front-end tasks in the activity stack is greater than the initial set value. If it is greater than the initial set value, it is necessary to draw the user's attention to the possibility of disguised malicious attacks in the future. Do not output sensitive information on the page
Example code:
val activityManager = getSystemService(ACTIVITY_SERVICE) as ActivityManager
val appTasks: List = activityManager.getAppTasks()
if (appTasks.isNotEmpty()) {
Val initial Activity Count=5//Assuming that the initial set number of front-end task activities is 5
val taskInfo: RecentTaskInfo = appTasks[0].taskInfo
val numActivities: Int = taskInfo.numActivities
if (numActivities > initialActivityCount) {
//If the number of activities in the current front-end task is greater than the initial set value, a Toast prompt will pop up to remind the user to pay attention to safety
Toast.makeText (this, "Warning: The current front-end task has an abnormal number of activities, which may pose a security risk. Please be careful not to enter sensitive information on subsequent pages! ", Toast.LENGTH_LONG).show()
Task stack hijacking affects apps with startup modes of singletask and standard
We hijacked the task stack of the application by setting the same taskAffinity. When the user clicks on the application, what is actually displayed is the activity of the attack application we wrote (there is no interface switching process in the entire process, which is very hidden and difficult for the user to discover). By designing the activity in this way, we can mimic the login interface of the application, induce the user to log in, and steal the user's private password information
Reproduction method:
Write an attack application that hijacks the application's task stack by setting the taskAffinity attribute to the package name of soul
Expected behaviour
Repair plan
Set the taskAffinity property of the application's activity to empty
When the APP is initially enabled, check whether the number of front-end tasks in the activity stack is greater than the initial set value. If it is greater than the initial set value, it is necessary to draw the user's attention to the possibility of disguised malicious attacks in the future. Do not output sensitive information on the page
Example code:
val activityManager = getSystemService(ACTIVITY_SERVICE) as ActivityManager
val appTasks: List = activityManager.getAppTasks()
if (appTasks.isNotEmpty()) {
Val initial Activity Count=5//Assuming that the initial set number of front-end task activities is 5
val taskInfo: RecentTaskInfo = appTasks[0].taskInfo
val numActivities: Int = taskInfo.numActivities
if (numActivities > initialActivityCount) {
//If the number of activities in the current front-end task is greater than the initial set value, a Toast prompt will pop up to remind the user to pay attention to safety
Toast.makeText (this, "Warning: The current front-end task has an abnormal number of activities, which may pose a security risk. Please be careful not to enter sensitive information on subsequent pages! ", Toast.LENGTH_LONG).show()
}
}
The specific attack video has been attached
攻击视频1.zip
The text was updated successfully, but these errors were encountered: