Hello,
the device /dev/graphics/fb0 is world read- and writeable on my device (Samsung Galaxy S2 with CM 9.1.0). I suspect it is the same way on many other devices.
Every app can read the whole framebuffer and make screenshots. If the app would do that, it could also monitor the softkeyboard. The results wouldn't need to be saved because it could extract the pressed key on the fly.
I have tested a short loop in the Terminal and it worked. I was able to get screenshots from an app with FLAG_SECURE set, which should disallow the ability to make a shot. (I wasn't root.) I was able to get the fb dumps with the keyboard and the keys pressed.
You can manually set the permissions to 660, then only root and graphics users can use it.
Can someone please confirm this configuration on other devices?
I don't think it is intended that every app can play keylogger.
And before you ask, I haven't posted/informed anyone. Because if you look at the /dev/exynos-mem hole, you want to check every other file in /dev for similar errors. So that is what I did, and I can't be the only one. So I figure the blackhats are two steps ahead.
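A way to answer the "please confirm on other devices" request without dumping anything from the framebuffer is to audit the permission bits of the device nodes themselves. The script below is an added example, not code from the original post; it assumes a POSIX sh with `ls` and `find` (as found in an Android terminal or adb shell) and only inspects mode strings, so it reports nodes that any unprivileged app could open, such as a `crw-rw-rw-` fb0. The `world_bits` helper reads the "others" r/w positions of the `ls -l` mode string, and `audit_world_access` walks a directory and prints every character, block or regular file that has at least one of those bits set.

```sh
#!/bin/sh
# Added example (not from the original post): audit a directory such as /dev
# for device nodes that are readable or writable by every user.
# Assumes a POSIX sh with ls(1) and find(1); /dev is only the suggested input.

# Print the "others" read/write bits of a path as "r", "w", "rw" or nothing.
# Works on the 10-character mode string that ls -l prints, e.g. "crw-rw-rw-":
# position 8 is others-read, position 9 is others-write.
world_bits() {
    set -- $(ls -ld "$1" 2>/dev/null)   # $1 becomes the mode string
    mode=$1
    out=""
    case "$mode" in ???????r*) out="${out}r" ;; esac
    case "$mode" in ????????w*) out="${out}w" ;; esac
    printf '%s' "$out"
}

# Exit status 0 when any other-user r/w bit is set on the path.
is_world_accessible() {
    [ -n "$(world_bits "$1")" ]
}

# Walk a directory and print "<bits> <path>" for every char device, block
# device or regular file that unprivileged users can read or write.
# Regular files are included so the function can be exercised on a scratch
# directory; on a real device the interesting lines are the c/b nodes.
audit_world_access() {
    find "$1" -type c -o -type b -o -type f 2>/dev/null |
    while IFS= read -r path; do
        bits=$(world_bits "$path")
        [ -n "$bits" ] && printf '%s %s\n' "$bits" "$path"
    done
}

# Stand-alone usage: sh audit_dev.sh /dev
# Any line such as "rw /dev/graphics/fb0" means every app on the device can
# open the framebuffer; the post's suggested mitigation is chmod 660 with the
# node owned by root:graphics, which makes this check report nothing for it.
if [ "$#" -gt 0 ]; then
    audit_world_access "$1"
fi
```

Run it as `sh audit_dev.sh /dev` from a terminal app or `adb shell`; an empty result for `/dev/graphics/fb0` after the `chmod 660` the post describes confirms the mitigation took effect, and re-running after a reboot shows whether the ROM's init restores the permissive mode.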