Android StrandHogg Task Injection POC

This project demonstrates how StrandHogg task injection works.

How it works

• Change R.string.target_package value to the target package value.
• Install the POC and run it.
• Run the target package and this POC will hijack the task.

More details

• (2015) https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-ren-chuangang.pdf
• (2017) https://www.slideshare.net/phdays/android-task-hijacking
• (2019) https://twitter.com/ivanmarkovicsec/status/1201592031333761024
• (2019) https://promon.co/security-news/strandhogg/

And for/from developers:

• https://github.com/Ivan-Markovic/Android-Task-Injection
• https://inthecheesefactory.com/blog/understand-android-activity-launchmode/en
• https://developer.android.com/guide/components/activities/tasks-and-back-stack
• https://medium.com/@iammert/android-launchmode-visualized-8843fc833dbe

Video:

• https://www.youtube.com/watch?v=IYGwXFIYdS8
• https://www.youtube.com/watch?v=HPfT9miU_rY
• https://www.youtube.com/watch?v=yI0Xh5Oc0x4