Authorization / Task Hijacking


Description

An Android task is a collection of activities that users interact with when performing a certain job. Activities from different apps can reside in the same task, which can be abused to relocate a malicious activity into your application's task by manipulating the following parameters:

  • Task Affinity controlled by attribute taskAffinity
  • Task Reparenting controlled by attribute allowTaskReparenting

Task Affinity is an activity attribute defined in the <activity> tag in the AndroidManifest.xml file. It specifies which task the activity prefers to join. By default, all activities in an app have the same affinity, which is the app package name.

Risk

Task Hijacking attacks come in different flavors:

  • Task Affinity Control: the application has the package name com.mySecureApp.app and an activity A1. A malicious application has two activities, M1 and M2, where M2.taskAffinity = com.mySecureApp.app and M2.allowTaskReparenting = true. If the malicious app is open on M2, then once you start your application, M2 is relocated to the front and the user interacts with the malicious application.
  • Single Task Mode: the application has set its launch mode to singleTask. A malicious application with M2.taskAffinity = com.mySecureApp.app can hijack the target application's task stack.
  • Task Reparenting: the application has set allowTaskReparenting to true. A malicious application can move the target application's task to the malicious application's stack.

Task hijacking can be used for phishing and denial-of-use attacks, and has been exploited in the past by banking trojans. Newer flavors of the attack (StrandHogg 2.0) are extremely hard to detect, as they are code-based attacks.

Solution

Different forms of Task Hijacking vulnerabilities require different fixes:

  • Set the task affinity of the application's activities to "" (empty string) in the <activity> tag of the AndroidManifest.xml to force the activities to use a randomly generated task affinity, or set it on the <application> tag to enforce it for all activities in the application.
  • Do not set the launch mode to singleTask, or add support for a monitoring service to detect the presence of malicious foreground tasks.
  • Do not set the flag FLAG_ACTIVITY_NEW_TASK in activity launch intents, or use it together with FLAG_ACTIVITY_CLEAR_TASK.
  • Do not specify allowTaskReparenting together with taskAffinity, or add support for a monitoring service to detect the presence of malicious foreground tasks.
  • Prefer explicit intents, which specify which application will satisfy the intent by supplying the target application's package name or a fully qualified component class name. An implicit intent only specifies the general action.
