Android phones running versions of the operating system older than Android 8.0 Oreo could be at risk from a new vulnerability that allows malware to put fake overlays in front of users.
Discovered by cyber security firm Palo Alto Networks’ Unit 42 threat detection team, hackers can exploit a feature in older versions of Android called Toast, which allows apps to display pop up notifications, to draw fake app windows in Android that trick people into giving malware access to their device.
Once such malware has infected an Android phone or tablet it can lock up the OS and hold the phone’s software hostage in return for a ransom.
Normally, overlay attacks require Android users to give malicious apps direct explicit permission to draw overlay windows, and requires such apps to be installed from Google’s Play Store. These hurdles have meant that overlay cyber attacks haven’t really been something for people to worry about.
But the new vulnerability now allows malware to bypass those permissions and start causing problems.
In simplest terms, this vulnerability could be used to take control of devices, lock devices and steal information after it is attacked.
Android Oreo is immune to this this type of attack and the vulnerability thanks to the work Google has done on tightening up security on its mobile OS.
Source:
http://www.trustedreviews.com/news/android-phones-without-oreo-are-vulnerable-to-overlay-cyber-attacks-3285395
Submitted by: Arnfried Walbrecht
Comments are closed.