Android Devices Not Running Android Oreo Vulnerable To Pwnage

Well, this is potentially going to be a problem, for reasons that I will get to in a bit. If you’re using an Android device that isn’t running Android Oreo, the latest and greatest from Google, then you’re vulnerable to an “Overlay Attack”, according to Palo Alto Networks, who spill the details here. In short, here’s how the attack works:

  1. Download a malicious app from the Google Play Store.
  2. The app draws a bogus screen for users to click on (for example, to install an app or accept a set of permissions), hiding what’s really happening.
  3. Users accept the permissions that the malicious app serves up.
  4. Pwnage.

Android is supposed to prevent this from happening, but any Android device not running Oreo doesn’t. Thus patches are needed for this, and soon. Here’s the problem: the Android ecosystem is notorious for being slow to deliver patches because of the diversity of devices and, quite frankly, because the manufacturers of these devices don’t treat security as a top-of-mind item. So it is entirely possible that this threat might be out there for months before devices get patched. If they get patched at all. And that ignores the fact that the malicious apps are being served up from Google Play, which is another huge problem. Clearly Android users have something to worry about.


