Accessibility tools like voice-to-text, screen readers, alternative input devices, and speech recognition software are important parts of making our digital world more accessible to all people.
But it turns out, they also make mobile devices more accessible to hackers.
That’s been a key area of research for professor Brendan Saltaformaggio and his team at the Cyber Forensics Innovation Laboratory at Georgia Tech.
“These are really cool features, but they’re also very powerful because they let you basically read and interact with pretty much every single app — even the important ones like the Android settings app [and other] high permission apps,” Saltaformaggio explained to Hypepotamus. Nefarious malware authors have found ways to use these accessibility tools to gain access to Android devices and “act” like the user.
The team started collecting this type of malware in 2021, ultimately finding over 10,000 different malware samples to study. They found 197 different malware families, which are “similar types of malware that are designed to abuse a specific type of victims and use specific types of capabilities,” said PhD student Ken Xu.
From there, malware authors can get into banking apps, steal credentials from ridesharing apps, or even gain access to authenticator apps. Others might gain access to a phone and turn off settings that would allow that specific malware to be deleted.
Turning Research Into New Tools
Saltaformaggio, Xu, and the Georgia Tech team have taken action on their findings in hopes of helping more people and companies detect malware problems on devices before it’s too late.
They recently developed a new tool, Detector of Victim-specific Accessibility (DVa), that can check for malware. The goal is to help the Google Play store detect problems and alert end users.
DVa leverages cloud technology to scan users’ phones for malicious software, then provides a detailed report identifying harmful apps and offering steps for safe removal. The report also highlights any legitimate apps targeted by the malware, guiding users on contacting those companies to assess potential impacts. Additionally, DVa sends a report to Google, enabling the tech giant to take further action in purging the malware from its app ecosystem.
As a research tool, DVa is fully open source and available to the public on GitHub.
Staying Safe Online
For individuals looking to secure their devices, understanding these risks is key to staying protected against attacks that exploit accessibility features. We asked Saltaformaggio and Xu for key pieces of advice they’d share with readers. Their responses can help anyone looking to stay safe while using their mobile devices.
Saltaformaggio’s Advice: Beware of suspicious apps
“A lot of the malware that we see in the lab are apps that really should not be trusted. A lot of people will do side load apps or apps that are not on the Play Store. Never install apps that are not on the Play Store. That’s just so, so risky.”
Xu’s Advice: Be careful about who gets access
“Don’t grant any outrageously powerful permissions that the app obviously does not need.” Something like a downloaded calculator app does not need admin permissions to your phone to work, he pointed out.
“Read through those warning messages and don’t grant any more permissions than the app absolutely needs.”
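Both pieces of advice can be checked on a device you manage. The following is an added example, not code from the article or from the DVa project: it parses the output of two standard `adb` commands and lists apps that hold accessibility access but were not installed from the Play Store. The sample values and the `com.example.*` package names are constructed.

```python
PLAY_STORE = "com.android.vending"  # installer package name of the Play Store
# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.calculator/.HelperService"
)
# Constructed sample of: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.calculator  installer=null
package:com.example.notes  installer=com.android.vending
"""

def parse_services(value):
    """Split the colon-separated 'package/ServiceClass' list into pairs."""
    value = (value or "").strip()
    if value in ("", "null"):  # no accessibility service is enabled
        return []
    pairs = []
    for item in value.split(":"):
        pkg, _, cls = item.partition("/")
        if pkg:
            pairs.append((pkg, cls))
    return pairs

def parse_installers(listing):
    """Map package name -> installer package, or None when none is recorded."""
    installers = {}
    for line in listing.splitlines():
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        rest = rest.strip()
        installers[name.strip()] = None if rest in ("", "null") else rest
    return installers

def audit(services_value, listing, trusted=(PLAY_STORE,)):
    """Return enabled accessibility services whose app has no trusted installer."""
    installers = parse_installers(listing)
    return [
        {"package": pkg, "service": cls, "installer": installers.get(pkg)}
        for pkg, cls in parse_services(services_value)
        if installers.get(pkg) not in trusted
    ]

if __name__ == "__main__":
    for f in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {f['package']} ({f['service']}) installer={f['installer']}")
```

Preinstalled system apps can also show no installer, so treat each finding as something to review rather than as proof of malware.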