New Tech Can Spot Hidden Malware on Your Android Phone



Smartphone accessibility features, designed to assist people with disabilities, can be exploited by malware to perform unauthorized actions like transferring funds or preventing malware removal. Researchers at Georgia Tech have developed a cloud-based tool called DVa that detects such threats and provides reports to help users and companies respond.

Researchers have built a new tool to spot malware exploiting phone accessibility features and help users remove it.

Accessibility features like screen readers and voice-to-text have made smartphones more usable for people with disabilities. However, these same tools can also be exploited by hackers.

Malware can take advantage of accessibility services to read on-screen content and perform unauthorized actions, such as tapping buttons, approving transactions, or even blocking attempts to remove the malware. In some cases, this can lead to severe consequences, like unauthorized transfers from banking apps or persistent infections that are difficult to uninstall.

Often, the malware is installed when a user clicks on a phishing link or unknowingly downloads a malicious app, even from seemingly legitimate sources like the Google Play Store. Once installed, it can compromise sensitive apps, including cryptocurrency wallets and rideshare platforms that store payment information.

Researchers at Georgia Tech have developed a new tool, Detector of Victim-specific Accessibility (DVa), that can check for this malware. DVa runs in the cloud to check the phone, then sends the user a report of its findings that shows which apps are malware and how to delete them. The report also tells the user which victim apps the malware was targeting and how to contact those companies to check for damages. DVa also sends a report to Google, so the company can attempt to eradicate this malware from apps.

“As we continue to design systems that are more and more accessible, we also need security experts in the room,” said Brendan Saltaformaggio, an associate professor in the School of Cybersecurity and Privacy (SCP) and the School of Electrical and Computer Engineering. “Because if we don’t, they’re going to get abused by hackers.”

Modeling Malware

To determine how vulnerable smartphones are to this type of hack, the team set up five Google Pixel phones and performed a malware analysis. The Georgia Tech researchers teamed up with Netskope — an industry leader in cloud, data, and network security — to help protect smartphones everywhere from this type of powerful malware. Then they installed some of the sample malware on each phone to see how it debilitated the system and used DVa to report this behavior.

While DVa can detect current attacks, the researchers note the challenge is ensuring that removing malware doesn’t remove accessibility.

“In the future, we need to look at how accessibility services work overall to figure out what’s fundamentally different from a benign use and a malicious use,” said Haichuan (Ken) Xu, a Ph.D. student in SCP.

Reference: “DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware” by Haichuan Xu, Mingxuan Yao, Runze Zhang, Mohamed Moustafa Dawoud, Jeman Park and Brendan Saltaformaggio.

