Android Hack Brief: Update Your Android Security Patch to Block an Evil Toast Attack

Modern Android goes to great pains to "sandbox" applications, keeping them carefully segregated so that no malicious program can interfere with the sensitive business of another. But security researchers have found an unexpected feature of Android that can surreptitiously grant an application the ability not only to get outside its sandbox, but to redraw the phone's screen while another part of the operating system is running, tricking users into tapping fake buttons that can have unexpected consequences. And while hijacking your finger taps is not a new feat for Android hackers, a new tweak in the attack makes it easier than ever.


The Android Hack


On Thursday, researchers from Palo Alto Networks warned in a blog post that users should rush to patch their Android phones against what they are calling a "toast" attack: any version of Android other than Oreo can be fooled into installing a piece of malware that overlays images on top of other applications and on elements of the phone's controls and settings. Such malware could, for example, place an image of an innocent "continue installation" or plain "OK" button over a hidden button that invisibly grants the malware more privileges in the operating system, silently install a fraudulent application, or lock the user out of all other parts of the phone in the manner of ransomware.

"They can make it look like you're touching one thing when you're playing another," says Palo Alto researcher Ryan Olson. "All they have to do is put a button overlay on 'enable this app to be a device admin' and they have cheated you into giving them control over their device."

Android overlay attacks have been around almost as long as Android itself. But despite repeated efforts by Google's Android developers to solve the problem, another version of the overlay attack was presented earlier this year at the Black Hat security conference. This new attack, known as Cloak and Dagger, took advantage of two features of Android to re-enable overlay attacks: one called SYSTEM_ALERT_WINDOW, designed to let applications display alerts on top of other apps, and another known as BIND_ACCESSIBILITY_SERVICE, which lets applications built for users with disabilities manipulate other applications, magnify text or read it aloud. Any malware performing the Cloak and Dagger attack would need to ask the user for permission to use those features when it is installed, and the system alert feature is only available to applications from the Google Play Store.

The toast overlay attack takes Cloak and Dagger one step further, say the Palo Alto researchers. They found they could hijack the accessibility feature to perform a particular form of overlay using so-called toast notifications, which pop up and fill the screen, without needing the system alert permission at all. That tweak not only reduces the number of permissions the user must be tricked into granting, but also means the malware could be distributed from outside the Google Play Store, where it would not be subject to Google's security checks.

When we contacted Google about the attack, a spokesman declined to comment but noted that Google released a patch for the problem on Tuesday.

Who is affected?


Every version of Android before Oreo is vulnerable to the new version of the overlay attack, according to Palo Alto, unless the Google patch has already been installed. (Thanks to the complexity of Android's entanglements with carriers and manufacturers, it most likely has not.)

The most recent versions of Android prior to Oreo have a safeguard that allows a toast notification to be displayed for only 3.5 seconds. But that can be circumvented by showing the notification in a repeated, timed loop. "If you do it over and over and over again, you can create a continuous overlay that is not visible to the user as a change," says Olson.
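The two attack variants described above differ only in which permissions the malicious app must hold: Cloak and Dagger needs both SYSTEM_ALERT_WINDOW and an accessibility service, while the toast variant needs only the accessibility service on an unpatched pre-Oreo device. A defender triaging APKs can therefore start from the manifest. The following Python script is an added illustration, not code from Palo Alto Networks, Google or the original article; it parses a constructed AndroidManifest.xml, reports which of those capabilities the app declares, and scopes a device's release string against the Oreo (8.0) cutoff the article gives. The permission and action strings are the real Android identifiers; the sample package and service names are invented.

```python
"""Manifest triage for the overlay-attack permission patterns.
Added illustration; the sample manifest below is constructed, not a real app."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"

# First Android release the article says is not affected (Oreo = 8.0).
FIRST_SAFE_RELEASE = (8, 0)


def manifest_findings(manifest_xml: str) -> dict:
    """Return which overlay-related capabilities a manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(NAME) for el in root.iter("uses-permission")}
    accessibility_services = []
    for svc in root.iter("service"):
        # A real accessibility service is guarded by BIND_ACCESSIBILITY_SERVICE
        # and registers an intent filter for the AccessibilityService action.
        if svc.get(PERMISSION) != ACCESSIBILITY_PERM:
            continue
        actions = {a.get(NAME) for a in svc.iter("action")}
        if ACCESSIBILITY_ACTION in actions:
            accessibility_services.append(svc.get(NAME))
    return {
        "package": root.get("package"),
        "system_alert_window": OVERLAY_PERM in requested,
        "accessibility_services": accessibility_services,
    }


def risk_level(findings: dict) -> str:
    """Map findings to the two attack variants described in the article."""
    has_a11y = bool(findings["accessibility_services"])
    if has_a11y and findings["system_alert_window"]:
        return "review: accessibility service + SYSTEM_ALERT_WINDOW (Cloak and Dagger pattern)"
    if has_a11y:
        return "review: accessibility service only (toast overlay pattern on unpatched pre-Oreo)"
    if findings["system_alert_window"]:
        return "note: SYSTEM_ALERT_WINDOW only"
    return "none"


def pre_oreo(release: str) -> bool:
    """True if an Android release string such as '7.1.2' predates Oreo (8.0)."""
    parts = tuple(int(p) for p in release.split(".")[:2])
    if len(parts) == 1:
        parts = (parts[0], 0)
    return parts < FIRST_SAFE_RELEASE


# Constructed sample manifest: a "flashlight" app that quietly declares an
# accessibility service but does not request SYSTEM_ALERT_WINDOW.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

if __name__ == "__main__":
    findings = manifest_findings(SAMPLE_MANIFEST)
    print(findings)
    print(risk_level(findings))
    for rel in ("6.0.1", "7.1.2", "8.0.0"):
        print(rel, "pre-Oreo" if pre_oreo(rel) else "Oreo or later")
```

Declaring an accessibility service is legitimate for many apps, so the script only flags candidates for review; the deciding signal is whether a trivial app (a flashlight, a wallpaper) has any plausible need for one. On a real device the release string comes from `adb shell getprop ro.build.version.release`.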

How serious is this?


While Palo Alto calls its toast overlay method a "high severity vulnerability," it is not exactly cause for panic. Palo Alto says it has not yet seen the attack used in the wild. And users would have to make a series of mistakes (even if forgivable ones) before the attack could wreak havoc: you would first have to install the malware equipped with the method, either after it had already slipped into the Play Store or, less forgivably, from a source outside Play, and then grant it "Accessibility" permissions before it could start popping up its deceptive toast notifications.

But that does not mean the toast overlay attack is not worth a quick update to fix: better to patch the phone's operating system now than to worry later about a malicious toast taking over your lock screen.
