Blog Details

• Hackers are the exercise of invisible Unicode to trick Android into opening harmful links from notifications
• The hyperlink looks usual, nonetheless Android secretly opens one thing else without warning or consent
• Even relied on apps take care of WhatsApp and Instagram are prone to this hidden notification exploit

A security flaw in Android’s notification system would maybe well enables malicious actors to deceive customers into opening unintended links or triggering hidden app actions, specialists contain warned.

Look at from io-no claims the flaw lies in how Android parses definite Unicode characters within notifications.

This creates a mismatch between what customers stumble on and what the system processes when the “Open Link” recommendation appears.

What you stumble on isn’t always what you fetch

The say stems from the exercise of invisible or special Unicode characters embedded within URLs.

When integrated in a message, these characters might well cause Android to elaborate the seen textual whisper material and the true actionable hyperlink in a different way.

As an illustration, a notification would maybe well visibly camouflage “amazon.com,” nonetheless the underlying code of route opens “zon.com,” with an inserted zero-width home personality.

The notification displays as “ama[]zon.com,” including the hidden personality. Nonetheless, the recommendation engine interprets that hidden personality as a separator, which results in it launching an completely diversified set apart.

In some conditions, attackers can redirect customers no longer glorious to web sites nonetheless additionally to deep links that work collectively directly with apps.

The converse showed how a seemingly innocent shortened URL resulted in a WhatsApp name.

To manufacture attacks much less detectable, malicious actors can exercise URL shorteners and embed links into relied on-having a leer textual whisper material.

The flaw turns into particularly harmful when combined with app links or “deep links” that would maybe well silently living off behaviors equivalent to initiating messages, calls, or opening inside app views with out person intent.

Tests on units including the Google Pixel 9 Pro XL, Samsung Galaxy S25, and older Android versions published that this misbehavior affects essential apps take care of WhatsApp, Telegram, Instagram, Discord, and Slack.

Custom apps were additionally aged to avoid personality filtering and validate the assault at some stage in multiple scenarios.

Given the personality of this flaw, many fashioned defenses would maybe well fall quick. Even the handiest antivirus solutions would maybe well pass over these exploits, as they typically don’t involve venerable malware downloads.

As a replace, attackers manipulate UI behavior and exploit app hyperlink configurations. Because of the this truth, there is a need for endpoint security tools, which provide broader detection in step with behavioral anomalies.

For customers prone to credential theft or app abuse, counting on identity theft security services turns into well-known to show screen unauthorized project and fetch exposed inside most knowledge.

Until a formal fix is implemented, Android customers ought to restful stay cautious with notifications and links, especially those from habitual sources or URL shorteners.

You might well additionally take care of

• These are the handiest web security suites available
• I of route contain witnessed firsthand the harm induced by fraudulent staff
• Rob a leer at our pick of the handiest VPNs with antivirus that you just would maybe well perhaps also exercise lawful now

Efosa has been writing about abilities for over 7 years, at the starting build pushed by curiosity nonetheless now fueled by a fetch passion for the sector. He holds both a Master’s and a PhD in sciences, which equipped him with a fetch foundation in analytical thinking. Efosa developed a alive to hobby in abilities policy, particularly exploring the intersection of privateness, security, and politics. His learn delves into how technological dispositions impact regulatory frameworks and societal norms, particularly relating knowledge security and cybersecurity. Upon joining TechRadar Pro, as well to privateness and abilities policy, he’s additionally targeted on B2B security products. Efosa would maybe well perhaps additionally be contacted at this electronic mail: udinmwenefosa@gmail.com