Anyone not using Android Oreo at risk of attack that could give malware 'total control' over devices
The Android vulnerability can allow hackers to launch 'Toast overlay attacks' that can brick phones.
If you're an Android user, then it is highly recommended that you update your device to start using the latest Oreo OS immediately to stay safe from potential malicious attacks. A new vulnerability uncovered by security experts, which affects all Android OS versions except Oreo, has been uncovered, which researchers say could be exploited by hackers to launch a new kind of overlay attack and hijack devices.
The vulnerability could potentially be used by hackers to launch "Toast overly attacks," which could provide them with the ability to infect devices with malware and in turn gain "total control" over devices. The flaw could also potentially allow hackers to infect devices with all kinds of malware, including ransomware, and could also allow hackers to brick phones.
Researchers at Palo Alto Networks, who uncovered the vulnerability, say that the "high-severity" flaw "could be used to take control of devices, lock devices and steal information after it is attacked."
"An 'overlay attack' is an attack where an attacker's app draws a window over (or "overlays") other windows and apps running on the device. When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window," Palo Alto Networks researcher Christopher Budd said in a blog.
The vulnerability specifically affects the Android Toast feature, which is a type of notification used to display messages and notifications over other apps.
"They can make it look like you're touching [the display screen for] one thing when you're touching another," Palo Alto Networks researcher Ryan Olson told Wired. "All they have to do is put an overlay button over 'activate this app to be a device admin' and they've tricked you into giving them control of your device."
Although Google has already issued a patch for the vulnerability, it is still highly recommended that Android users update their devices to install Oreo 8.0 as this is the only OS version currently not under threat from this particular flaw.
© Copyright IBTimes 2024. All rights reserved.