
Issue With Android Could Let Someone Record Screen And Audio

December 5, 2017 | June 16th, 2022 | Cybersecurity

Do you have an Android phone? Is it running Lollipop, Marshmallow or Nougat? Those three versions account for slightly more than 75 percent of the Android phones in service today, so odds are excellent that it is. If so, you should be aware of a nasty vulnerability that could allow a hacker to perform at-will screen captures and audio recording without your knowledge.

The issue resides within Android’s MediaProjection service, which has been a part of the OS since its earliest days. It has only recently become an issue because, prior to the release of Android Lollipop (version 5.0), third-party apps couldn’t make use of it. Using it required root-level access, and the app in question had to be signed with the device’s release keys, which meant that only system-level apps deployed by Android OEMs could utilize MediaProjection.

That changed with the release of Lollipop, which opened the service up so that anyone could use it. Unfortunately, when Google relaxed access to the service, they didn’t put it behind a permission that apps would have to request from users. All a third-party developer needs to do to access MediaProjection is make an “intent call” that shows a System UI popup, warning users that an app wants to capture the screen and/or system audio.

Here’s the problem, though. Security researchers discovered that an attacker could detect when the system popup would appear and, knowing that, trigger some other message to appear on top of it, effectively blinding the phone’s owner to the fact that screen captures and audio recordings were in progress.

Since the discovery of the security flaw, Google has released a patch that addresses it. Unfortunately, the patch only applies to Android Oreo (8.0). Older phones are still vulnerable.

If there’s one saving grace, it is the fact that the attack is not completely stealthy, and observant users will note the screencast icon in the phone’s notification bar. It’s far from perfect protection, but it’s something, so be aware if you’ve got an older Android phone.
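To see which devices in a managed fleet fall in the affected range described above, the following added example (not part of the original article) sorts a device inventory by Android release. The CSV layout, device names and function names are assumptions made for illustration, and the sample inventory is constructed.

```python
import csv
import io

# Constructed sample inventory (not real devices): name, reported Android release.
SAMPLE_INVENTORY = """device,android_version
sales-phone-01,5.1.1
sales-phone-02,6.0
warehouse-tab-07,7.1.2
exec-phone-03,8.0.0
kiosk-11,4.4.4
byod-unknown,
lab-phone-02,Nougat
"""


def classify(version: str) -> str:
    """Map an Android release string to an exposure status per the article."""
    try:
        major = int(version.strip().split(".")[0])
    except ValueError:
        return "unknown"        # blank or non-numeric value: needs manual review
    if major < 5:
        return "not_exposed"    # before 5.0 third-party apps could not use MediaProjection
    if major < 8:
        return "exposed"        # Lollipop, Marshmallow, Nougat: the patch does not apply
    return "fix_available"      # Oreo 8.0 or later: still confirm the patch is installed


def triage(inventory_csv: str) -> dict:
    """Return {status: [device names]} for a CSV with device,android_version columns."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row.get("android_version") or "")
        result.setdefault(status, []).append(row["device"])
    return result


if __name__ == "__main__":
    for status, devices in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:14} {len(devices):2}  {', '.join(devices)}")
```

Devices reported as `unknown` should be checked by hand rather than assumed safe, since a missing or free-text version field says nothing about the release actually installed.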

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. During his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds Microsoft MCSE, VMware VCP, and Cisco CCNA certifications. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.