Well, this is potentially going to be a problem, for reasons that I will get to in a bit. If you’re using an Android device and it’s not running Android Oreo, which is the latest and greatest from Google, then you’re vulnerable to an “Overlay Attack”, as per Palo Alto Networks, who spill the details here. Here’s how the attack works in short:
- A user downloads a malicious app from the Google Play Store.
- The app draws a bogus screen for users to click on (for example, to install an app or accept a set of permissions), hiding what’s really happening.
- Users accept the permissions that the malicious app serves up.
- Pwnage.
Android is supposed to prevent this from happening, but any Android device not running Oreo doesn’t. Thus there need to be patches for this, and soon. Here’s the problem: the Android ecosystem is notorious for being slow to deliver patches, because of the diversity of devices and, quite frankly, because the manufacturers of these devices don’t treat security as a top-of-mind item. So it is entirely possible that this threat might be out there for months before devices get patched, if they get patched at all. And that ignores the fact that the malicious apps are being served up from Google Play, which is another huge problem. Clearly Android users have something to worry about.
This entry was posted on September 11, 2017 at 9:31 am and is filed under Commentary with tags Android. You can follow any responses to this entry through the RSS 2.0 feed.
Android Devices Not Running Android Oreo Vulnerable To Pwnage