TapTrap is a new type of attack targeting Android devices. It allows an app without any permissions to misuse screen animations. This app can secretly open another screen, such as a permission prompt, and make it invisible. The attack can then be used to trick you into performing sensitive actions, such as granting camera permissions or even erasing your device, without your consent.
According to their timeline, Android is still vulnerable.
This isn’t the same thing, but it reminded me of an issue I see more often than I’d like:
I load some web page on my phone. Clearly it’s stuffed with shit because there’s weird placeholders everywhere. I go to click something - a button, a link, who knows. Right as I go to click it, something else loads above in the document, pushing my click target down, and I end up clicking on an ad instead.
God that infuriates me
50 sats \ 1 reply \ @k00b OP 24 Jul
That frequently happens to me on sites that I wouldn't admit I visit.
Very interesting UI redress exploit. The fact it can invisibly trigger overlay permission screens via animation callbacks without any permissions makes it hard to detect. Unless Google adds low-level mitigations in the WindowManager or transition stack, these TapTrap attacks will likely remain possible.
Wow. These attacks are getting each time more advanced, I'd never think something like that could happen. Does being an iOS user mean I'm more safe? Or could this also happen in iOS? Will be sharing with some friends, thanks for the info.
Glad I’m human then teehee