Malicious screen readers can extract data from 92% of finance apps

Anne Freer | July 5, 2023

App Business

Screen readers may be the latest malware to watch out for, according to testing from app shielding expert Promon. The company uncovered some pretty disturbing vulnerabilities among the top financial apps on the Google Play Store. Let’s take a look.

What are screen readers?

Screen readers are used to transform digital text into synthesised speech or braille output. That makes them essential tools for accessibility. And unsurprisingly, their main purpose is to aid visually impaired individuals in navigating and engaging with digital content.

However, the extensive access required by screen readers and other accessibility services poses a potential risk for misuse, as it grants wide-ranging access to the screen and its contents.

Malware that can access a user’s screen is also capable of stealing sensitive information, intercepting two-factor authentication, controlling the device and bypassing security features.

Screen readers as malicious actors

The Security Research team at Promon developed a simulated malicious screen reader capable of reading and extracting data from an application. They conducted tests on 100 apps and found that the screen reader program successfully read and exfiltrated data from 85 out of 92 apps (92.4%). Only seven apps (7.6%) demonstrated effective defence mechanisms against the screen reader’s attempts to access the data.

Android’s operating system contains numerous loopholes that malicious actors frequently exploit to infiltrate devices and acquire unauthorised access to sensitive information. This information encompasses confidential conversations, personal data, and financial transactions.

Through the exploitation of these vulnerabilities, malware can operate silently in the background, executing tasks and actions without the user’s knowledge. This includes the covert reading and interception of content displayed on users’ screens, even within financial apps responsible for handling delicate data like banking transactions, PINs, and account balances.

Majority of financial services apps not adequately protected against screen reader malware

Source: Promon

Malware with elevated permissions can also exfiltrate captured data through various channels, allowing analysis, extraction of personal details, and exploitation for financial gain or illegal activities.

Where do we go from here?

App Shielding technology can help mitigate the threat of malicious screen readers, but developers can also take immediate steps. They can implement code to detect screen readers and decide whether to display a warning, shut down the app, or continue normally. However, these solutions have drawbacks, such as warning messages being bypassed by malware. Developers can verify the application using accessibility features to avoid shutting down legitimate apps.

Furthermore, upcoming security features in Android 14 aim to prevent accessibility service abuse. Developers will be able to restrict non-accessibility tools from interacting with their app, ensuring that only declared tools can access certain views.

Although this is a positive development, it’s important to note that the rollout of Android 14 will take time, and OS features should always be complemented with strong defensive measures at the app level to safeguard end-users.

Key takeaways

  • 92.4% of finance apps were susceptible to data extraction by malicious screen readers
  • Malware leveraging screen reader capabilities can silently intercept sensitive information, posing risks to confidentiality and security
  • Implementing app-level defenses, such as code to detect screen readers can help mitigate these threats while upcoming security features in Android 14 offer additional protection