Android phones running Nougat or lower vulnerable to overlay attack

This attack tricks users into giving permission for their own pwnage.

  • Updated: September 11, 2017 7:20 PM IST

A new security research indicates that any unpatched smartphone running on Android operating system older than Oreo, could be vulnerable to a malware. Like any malware, this one too is dangerous, as it tricks users into fake dialogs so they “okay” their own pwnage.

According to Palo Alto Networks’ researchers, the malware, which is also known as overlay attack, is a straightforward trick, wherein a bogus screen is drawn for users to click on (for example, to install an app or accept a set of permissions), hiding what’s really happening.

The researcher says, “everyone has believed that malicious apps attempting to carry out overlay attacks must overcome two significant hurdles to be successful – They must explicitly request the ‘draw on top’ permission from the user when installed; they must be installed from Google Play.” However, this vulnerability bypasses these requirements, by exploiting a notification type called Toast that Android documentation describes as “a view containing a quick little message for the user. ALSO READ: Android Nougat now runs on 13.5% devices globally, after 2% increase

The research of this vulnerability shows the permissions granted by the SYSTEM ALERT WINDOW and the BIND ACCESSIBILITY SERVICE. These apparently can be exploited to “successfully and completely compromise the UI feedback loop”. Exploiting these permissions, the paper explains, “allows an attacker to both modify what user sees and inject fake input, all while maintaining the expected ‘user experience’ and remaining stealthy”. Researchers say that the vulnerability they’ve discovered “could carry out an overlay attack simply by being installed on the device”.

This seems alarming considering only a very small fraction of Android devices run Oreo at present. And keeping the pace in mind at which Android devices get new OS updates, this could be a while. According to the last Android distribution statistics recorded in August, Nougat still runs only 13.5 percent of total Android devices, out of which the older Android 7.0 Nougat runs on 12.3 percent devices, while Android 7.1 Nougat runs on 1.2 percent. ALSO READ: BlackBerry Priv will not get Android Nougat or Oreo update: Report

  • Published Date: September 11, 2017 7:19 PM IST
  • Updated Date: September 11, 2017 7:20 PM IST