All Android users urged to install security updates NOW to protect against new ‘overlay’ attack


Android users are being urged to make sure they have the latest security patches installed on their device following the discovery of a ‘high severity’ security threat.

The vulnerability affects ALL versions of Android prior to the newly launched Android 8.0 Oreo.

Discovered by security firm Palo Alto Networks, the vulnerability exploits Android’s Toast notifications.

Toast notifications are the small pop up messages you see when Android is performing an activity. For example, when you send a message, the ‘Sending message..’ toast is activated, as shown below.

Image: Google

Hackers can use malware to exploit the toast notifications into obtaining full access rights to a victim’s smartphone and carry out what is known as an ‘overlay attack’.

“An “overlay attack” is an attack where an attacker’s app draws a window over (or “overlays”) other windows and apps running on the device. When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window,” Palo Alto Networks researcher Christopher Budd revealed in a blog post.

The attack can enable hackers to take control of a device in order to steal passwords, credit card info, private messages and web browser history. It could even be used by hackers to the lock the victim out of the their phone and demand a ransom payment.

Typically Google safeguards against overlay attacks by ensuring the app in question has ‘top drawer’ permission from the user and that the app has been downloaded from the Google Play Store.

However, security researchers say that an overlay attack is still possible when the toast notifications are exploited.

This is because toast notifications do not require the same level of permissions as other Android windows which makes it possible for hackers to create an overlay of the screen.

“If a malicious app were to utilize this new vulnerability, our researchers have found it could carry out an overlay attack simply by being installed on the device. In particular, this means that malicious apps from websites and app stores other than Google Play can carry out overlay attacks, Budd said.

“It’s important to note that apps from websites and app stores other than Google Play form a significant source of Android malware worldwide,” he added.

A fix for the issue, which was first reported to Google in May, was included in Google’s September Android Security Bulletin, listed as CVE-2017-0752.


Comments are closed.