Android Toast Flaw Can Burn Users with Malware, DoS and Info-Theft

Researchers on cyber security firm Palo Alto Networks' Unit 42 threat detection team have discovered that hackers can exploit a feature in older versions of Android called Toast, which allows apps to display pop-up notifications, to draw fake app windows that trick people into giving malware access to their device.

"Overlay attacks aren't new; they've been discussed before", the researchers said. "Additionally, our researchers have outlined how it's possible to create a Toast window that overlays the entire screen, so it's possible to use Toast to create the functional equivalent of regular app windows."

A fix for the issue, which is listed as CVE-2017-0752 and was first reported to Google in May, was included in Google's September Android Security Bulletin.

Normally, overlay attacks require Android users to give malicious apps direct explicit permission to draw overlay windows, and require such apps to be installed from Google's Play Store. "When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window", Palo Alto Networks researcher Christopher Budd revealed in a blog post. Since Android 8.0 is a relatively recent release, this means that almost all Android users should take action today and apply updates that are available to address this vulnerability.

Typically, Google safeguards against overlay attacks by ensuring the app in question has "draw on top" permission from the user and that the app has been downloaded from the Google Play Store.

Users of Android operating systems older than Oreo could face an attack capable of taking complete control.

Because of these two factors, overlay attacks were previously ruled a non-serious threat.

The Unit 42 research shows that the new vulnerability provides a way to carry out overlay attacks simply by installing malicious apps (including those from websites and app stores other than Google Play).

In light of this latest research, the risk of overlay attacks takes on a greater significance.

Although Google has already issued a patch for the vulnerability, it is still highly recommended that Android users update their devices to install Oreo 8.0 as this is the only OS version now not under threat from this particular flaw.

Last year an emergency Android patch was released to combat a rooting application; this vulnerability ultimately gained the "Critical" severity status as the extent of the problem became apparent.

The Android Toast overlay attack affects all versions of Android prior to the latest version, Android Oreo. You can get information on patch and update availability from your mobile carrier or handset maker.
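
A fleet-triage check for the guidance above, as an added example that is not part of the original article: it classifies devices by API level and security patch level. It assumes that API level 26 is Android 8.0, that the fix for CVE-2017-0752 arrives with patch level 2017-09-01 (the first patch-level string of the September 2017 bulletin), and that the values were read from the `ro.build.version.sdk` and `ro.build.version.security_patch` system properties; the device names and inventory format are constructed.

```python
from datetime import date

OREO_API_LEVEL = 26                 # Android 8.0, which the article says is not affected
FIX_PATCH_LEVEL = date(2017, 9, 1)  # assumption: first patch level of the September 2017 bulletin


def parse_patch_level(value):
    """Return a date for a 'YYYY-MM-DD' patch-level string, or None if absent or malformed."""
    try:
        year, month, day = (int(part) for part in value.strip().split("-"))
        return date(year, month, day)
    except (AttributeError, ValueError):
        return None


def toast_overlay_exposure(sdk_level, patch_level):
    """Classify one device with respect to the Toast overlay flaw (CVE-2017-0752)."""
    if sdk_level >= OREO_API_LEVEL:
        return "not-affected"
    patched = parse_patch_level(patch_level)
    if patched is None:
        # Older builds may not report a patch level at all; fail closed.
        return "unverified"
    return "patched" if patched >= FIX_PATCH_LEVEL else "exposed"


# Constructed inventory: device label, API level, security patch level.
SAMPLE_INVENTORY = """\
kiosk-01,25,2017-08-05
kiosk-02,25,2017-09-05
field-03,26,2017-09-01
legacy-04,19,
"""


def triage(inventory_text):
    """Map each device label in a CSV inventory to its exposure status."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        name, sdk, patch = (field.strip() for field in line.split(","))
        results[name] = toast_overlay_exposure(int(sdk), patch)
    return results


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as `exposed` or `unverified` are the ones to prioritise for the carrier or handset-maker update.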
