strandhogg icon indicating copy to clipboard operation
strandhogg copied to clipboard

Published 20 hours ago verified publisher icon lucasnlm

Metadata

StrandHogg Task Injection POC

Android StrandHogg Task Injection POC

This project demonstrates how StrandHogg task injection works.

How it works

  • Change R.string.target_package value to the target package value.
  • Install the POC and run it.
  • Run the target package and this POC will hijack the task.

More details

  • (2015) https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-ren-chuangang.pdf
  • (2017) https://www.slideshare.net/phdays/android-task-hijacking
  • (2019) https://twitter.com/ivanmarkovicsec/status/1201592031333761024
  • (2019) https://promon.co/security-news/strandhogg/

And for/from developers:

  • https://github.com/Ivan-Markovic/Android-Task-Injection
  • https://inthecheesefactory.com/blog/understand-android-activity-launchmode/en
  • https://developer.android.com/guide/components/activities/tasks-and-back-stack
  • https://medium.com/@iammert/android-launchmode-visualized-8843fc833dbe

Video:

  • https://www.youtube.com/watch?v=IYGwXFIYdS8
  • https://www.youtube.com/watch?v=HPfT9miU_rY
  • https://www.youtube.com/watch?v=yI0Xh5Oc0x4

Metadata

28
Stars
15
Forks
Watchers

Owner

verified publisher icon lucasnlm

Metadata

StrandHogg Task Injection POC

Back