Security experts from Palo Alto Networks discovered a
vulnerability in the Android overlay system that allows an attack using a
Toast-type overlay. All Android devices running a version lower than 8.0 are
vulnerable to this attack.
The vulnerability is caused by a lack of permission checks in the
Android AOSP code (version <= 7.0). Android OS version 7.1 has multiple
layers of mitigation: the first forcibly applies a maximum timeout to Toast
windows, and the second allows only one Toast window per app to be shown at a time.
Experts say a Toast overlay is normally used to show a quick
message over all other applications. For instance, a message showing that
an email has been saved as a draft when a user navigates away without
sending it.
It normally inherits all the configuration options that apply to
other window types. However, our research found that
using the Toast window as an overlay window allows an application to draw
over the interface of another app without requesting the SYSTEM_ALERT_WINDOW
permission that this ordinarily requires.
Through the overlay attack, an installed malicious app can fool
the user into granting it Device Administrator permissions. With these, it
can launch damaging attacks, including:
Locking the device screen
Resetting the device PIN
Wiping the device’s data
Preventing the user from uninstalling the App
Google patched and disclosed this vulnerability on September 5th,
2017.
So when your Android device receives a security update, install
it to stay secure, or your device can be pwned anywhere, any
time!
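An added example, not part of the original article or the Palo Alto Networks research: a small Python triage that reads `adb shell getprop` output and classifies a device using the version and patch facts stated above. The sample property dumps and the status labels are constructed, and treating the article's patch date as the minimum security patch level is an assumption.

```python
import re
from datetime import date

# Assumption: the patch date given in this article is used as the minimum
# security patch level; confirm the exact level in the vendor bulletin.
PATCH_DATE = date(2017, 9, 5)
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

# Constructed sample `adb shell getprop` excerpts (not from real devices).
SAMPLES = {
    "phone-a": "[ro.build.version.release]: [6.0.1]\n[ro.build.version.security_patch]: [2017-03-01]\n",
    "phone-b": "[ro.build.version.release]: [7.1.1]\n[ro.build.version.security_patch]: [2017-08-05]\n",
    "phone-c": "[ro.build.version.release]: [7.0]\n[ro.build.version.security_patch]: [2017-10-01]\n",
    "phone-d": "[ro.build.version.release]: [8.0.0]\n[ro.build.version.security_patch]: [2017-08-05]\n",
    "phone-e": "[ro.build.version.release]: [5.1]\n",  # old builds may lack the patch property
}

def parse_getprop(text):
    """Parse getprop lines of the form `[key]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def version_tuple(release):
    """'7.1.2' -> (7, 1, 2); non-numeric parts are dropped."""
    return tuple(int(p) for p in release.split(".") if p.isdigit())

def toast_overlay_exposure(props):
    """Classify one device for the Toast overlay issue described above."""
    ver = version_tuple(props.get("ro.build.version.release", ""))
    if not ver:
        return "unknown"
    if ver >= (8,):
        return "not-affected"          # article: only versions below 8.0
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        patch = None                   # missing or malformed: treat as unpatched
    if patch and patch >= PATCH_DATE:
        return "patched"
    return "exposed-mitigated" if ver >= (7, 1) else "exposed"  # 7.1 limits Toasts

def triage(samples):
    return {name: toast_overlay_exposure(parse_getprop(out)) for name, out in samples.items()}

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A device that reports no security patch level is treated as unpatched, so the result errs toward flagging devices for review.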