Big time Android flaw won't be fixed until next build is released

A serious flaw discovered on Android by cyber security firm Check Point is known to Google, but won't be fixed until the next build of the Android OS is released later this year. The flaw can be used in a number of malware attacks, resulting in "ransomware, banking malware and adware." And while Android O does remove this vulnerability from the software, the large number of phones not expected to receive the upgrade are left wide open to attack.

It all revolves around a permissions category that contains one permission, SYSTEM_ALERT_WINDOW. Originally added with Android Marshmallow, this permission was supposed to be granted manually by the phone's user. To spare users from having to grant the permission in order to add functionality to apps already installed, in Android 6.0.1 Google allowed SYSTEM_ALERT_WINDOW to be enabled by default for any app coming from the Google Play Store. However, this left Android handsets open to "displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans," according to Check Point. The firm says that 74% of ransomware, 57% of adware, and 14% of banker malware uses this flaw to inflict real-time harm.

This is not an opening that could only theoretically be abused. According to Check Point, these attacks are happening now. Android O will prevent this by using a new restrictive permission called TYPE_APPLICATION_OVERLAY. To protect Android users until the next build of Android is disseminated, Check Point gives simple but solid advice. "Beware of fishy apps," it says, even those in the Google Play Store. They also advise those installing apps to read comments written by others, and to watch for permissions that are not relevant to the workings of the app being installed.

source: CheckPoint via BGR
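The article's advice is to watch for permissions an app does not need, and on Android the overlay capability is exactly the kind of permission most users never look at. The script below is an added example, not code from Check Point, Google or PhoneArena: it parses the text printed by `adb shell dumpsys package <pkg>` and `adb shell appops get <pkg> SYSTEM_ALERT_WINDOW` to list which third-party apps declare SYSTEM_ALERT_WINDOW and whether the app op is actually set to allow, which is what lets an app draw over other apps. The embedded sample outputs are constructed to resemble the real format (the exact layout varies between Android builds), and `collect_from_device` is an optional helper that assumes `adb` is on PATH and a device is attached.

```python
"""Audit installed apps for the SYSTEM_ALERT_WINDOW overlay capability.

Added example (not Check Point's or Google's code). It parses the text that
`adb shell dumpsys package <pkg>` and `adb shell appops get <pkg>
SYSTEM_ALERT_WINDOW` print, so a defender can see which third-party apps hold
the overlay capability the article describes. The sample outputs below are
constructed to resemble the real format; the exact layout on a given Android
build may differ slightly.
"""
import re
import subprocess
from dataclasses import dataclass

OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
OVERLAY_APPOP = "SYSTEM_ALERT_WINDOW"


@dataclass
class OverlayFinding:
    package: str
    appop_mode: str  # e.g. "allow", "ignore", "deny", "default" or "unknown"

    @property
    def can_draw_overlays(self) -> bool:
        # Only an explicitly allowed app op lets the app draw over other windows.
        return self.appop_mode == "allow"


def parse_requested_permissions(dumpsys_text: str) -> set:
    """Return the permissions a package declares in its manifest.

    `dumpsys package` prints a 'requested permissions:' header followed by one
    permission per line indented deeper than the header; the section ends at
    the first line indented no deeper than the header.
    """
    perms = set()
    header_indent = None
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        if header_indent is None:
            if stripped == "requested permissions:":
                header_indent = len(line) - len(line.lstrip())
            continue
        indent = len(line) - len(line.lstrip())
        if not stripped or indent <= header_indent:
            break
        # Some builds append ": restricted=true" etc.; keep only the name.
        perms.add(stripped.split(":", 1)[0])
    return perms


def parse_appop_mode(appops_text: str) -> str:
    """Return the SYSTEM_ALERT_WINDOW app-op mode from `appops get` output.

    Typical lines look like 'SYSTEM_ALERT_WINDOW: allow; time=+3d2h'. If the op
    was never set, appops prints 'No operations.' and we report 'default'.
    """
    match = re.search(rf"{OVERLAY_APPOP}:\s*([a-z]+)", appops_text)
    if match:
        return match.group(1)
    if "No operations" in appops_text:
        return "default"
    return "unknown"


def audit_overlay_capability(dumpsys_by_pkg: dict, appops_by_pkg: dict) -> list:
    """Return one finding per package that requests SYSTEM_ALERT_WINDOW."""
    findings = []
    for pkg, dumpsys_text in sorted(dumpsys_by_pkg.items()):
        if OVERLAY_PERM not in parse_requested_permissions(dumpsys_text):
            continue
        mode = parse_appop_mode(appops_by_pkg.get(pkg, ""))
        findings.append(OverlayFinding(pkg, mode))
    return findings


def collect_from_device() -> tuple:
    """Pull the same two outputs for every third-party package via adb (assumes adb on PATH)."""
    out = subprocess.run(["adb", "shell", "pm", "list", "packages", "-3"],
                         capture_output=True, text=True, check=True).stdout
    pkgs = [l.split(":", 1)[1].strip() for l in out.splitlines() if l.startswith("package:")]
    dumpsys = {p: subprocess.run(["adb", "shell", "dumpsys", "package", p],
                                 capture_output=True, text=True).stdout for p in pkgs}
    appops = {p: subprocess.run(["adb", "shell", "appops", "get", p, OVERLAY_APPOP],
                                capture_output=True, text=True).stdout for p in pkgs}
    return dumpsys, appops


# Constructed sample outputs (not captured from a real device).
SAMPLE_DUMPSYS = {
    "com.example.flashlight": (
        "Packages:\n"
        "  Package [com.example.flashlight] (3f9a1c):\n"
        "    userId=10123\n"
        "    requested permissions:\n"
        "      android.permission.CAMERA\n"
        "      android.permission.SYSTEM_ALERT_WINDOW\n"
        "    install permissions:\n"
        "      android.permission.CAMERA: granted=true\n"
    ),
    "com.example.notes": (
        "Packages:\n"
        "  Package [com.example.notes] (77be02):\n"
        "    requested permissions:\n"
        "      android.permission.INTERNET\n"
    ),
    "com.example.launcher": (
        "Packages:\n"
        "  Package [com.example.launcher] (0c4d5e):\n"
        "    requested permissions:\n"
        "      android.permission.SYSTEM_ALERT_WINDOW\n"
        "    install permissions:\n"
    ),
}
SAMPLE_APPOPS = {
    "com.example.flashlight": "SYSTEM_ALERT_WINDOW: allow; time=+3d2h11m ago\n",
    "com.example.notes": "No operations.\n",
    "com.example.launcher": "SYSTEM_ALERT_WINDOW: ignore\n",
}

if __name__ == "__main__":
    for f in audit_overlay_capability(SAMPLE_DUMPSYS, SAMPLE_APPOPS):
        flag = "CAN DRAW OVER OTHER APPS" if f.can_draw_overlays else "overlay blocked"
        print(f"{f.package}: {flag} (appop={f.appop_mode})")
```

Run against a real device, replace the sample dictionaries with `collect_from_device()`. A flashlight or notes app that turns up with the app op set to allow is precisely the "permission not relevant to the workings of the app" the article tells users to look for; on Android 6.0.1 and later it may have been granted silently at install time, so the user's own memory of what they approved is not a reliable guide.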


63 Comments

1. kiko007

Posts: 7493; Member since: Feb 17, 2016

Damn.

7. STRANG3R

Posts: 234; Member since: Sep 24, 2015

Celebrities use iPhones and their iCloud gets hacked and their nudes and porn are getting leaked every few weeks or months, so iOS is not secure as well, and the iOS user is kind of a jailed user; many simple flows like file manager, proper call recorder, themes, and you can't even download stuff from the internet.

9. LebronJamesFanboy

Posts: 671; Member since: Mar 23, 2013

This article has nothing to do with Apple.

10. AlikMalix unregistered

iOS has never been hacked... celebrities gave up info through phishing techniques, most of which were through Gmail accounts.

13. kiko007

Posts: 7493; Member since: Feb 17, 2016

You're wasting your time. These dudes don't care about "facts", that much has become obvious.

24. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Coming from you who doesn't care about facts...lol. At least you are an upfront hypocrite. Your blowup girlfriend must be so proud of you.

14. Finalflash

Posts: 4063; Member since: Jul 23, 2013

No, the celebrity leaks were an iCloud password protection oversight which allowed multiple tries in quick succession, so brute forcing was possible. Phishing through Gmail or any other email is usually the user's fault for being naive. Other than that, there isn't any excuse whatsoever for this issue because I believe that is how they abuse that Chrome click-jacking issue and I have seen it personally. So this should be fixed ASAP and waiting for the next release is just sad.

16. trojan_horse

Posts: 5868; Member since: May 06, 2016

Good point, there, FF!

28. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Because trying to patch it will likely make some apps stop working. It appears a patch would likely require all apps to be removed along with services. Try to understand that any code that is part of the core can't always be patched because in this case all the apps and more are attached to this.

29. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Also lots of things are never found and also never taken advantage of. If you don't install from questionable sources and use adblocking tools on sites like PA, then you have not much to worry about. It's just common sense. People who usually fall for phishing scams aren't very literate to begin with. That latest Google Drive scam, 3 employees fell victim to it. When we already told them millions of times, if you see an email that you've never seen before, investigate where it came from and who it's addressed to. But yet 3 fools clicked.

26. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

That is a lie. How do jailbreaks work? Even if the hack comes through another app, that app is still installed in the operating system. If you actually believe what you said, you are really stupid and should leave tech to the adults.

27. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Even if the hack comes through another app* You are really stupid and should leave tech to adults.

32. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

I'm curious. If the iPhone for example can't be hacked as you claim, what about the text message that causes phones to reboot over and over? This hack affects all iOS devices with iOS 8 through 10.2.1. So basically everyone with an iPhone 4S up to the SE will not be able to fix it because only iOS 10 devices got the fix. What about the flaw that was used to force iPhones to call 911? This was only 1 quarter ago. Forgot? Oh...you don't remember those? Oh maybe those are not hacks? I guess you don't know what a hack is. You are ignorant.

36. kiko007

Posts: 7493; Member since: Feb 17, 2016

Jesus f**king Christ, would you shut up?!

40. RebelwithoutaClue unregistered

lol I know right

42. kiko007

Posts: 7493; Member since: Feb 17, 2016

He's just spamming basically the exact same comment with differing degrees of editing over and over. It gets tiring to look at.

43. RebelwithoutaClue unregistered

If you can't dazzle them with brilliance, baffle them with bulls**t

44. kiko007

Posts: 7493; Member since: Feb 17, 2016

Sounds like something Theodore Roosevelt would've said lol...

46. RebelwithoutaClue unregistered

Actually it was W.C. Fields :)

47. kiko007

Posts: 7493; Member since: Feb 17, 2016

Filing this under TIL. Also added it to my "philosophical quotes to sound like a smartass" folder!

49. RebelwithoutaClue unregistered

Hahaha how many philosophical quote genres do you have ;)

50. kiko007

Posts: 7493; Member since: Feb 17, 2016

About 70 or so. I add more based on how obscure they get lol. My personal favorite is one from Plato: "We can easily forgive a child who is afraid of the dark, the real tragedy is men afraid of the light."

51. RebelwithoutaClue unregistered

That's deep lol

52. NarutoKage14

Posts: 1324; Member since: Aug 31, 2016

Sounds like what Apple does with every product release event. Gorgeous, beautiful, brilliant, amazing, incredible, unique, etc, etc.

54. Plasticsh1t

Posts: 3106; Member since: Sep 01, 2014

Ikr? He calls other people stupid and douchebags and he can't even construct a coherent sentence. So much for his intelligence. I don't know what Apple has done to him in his life. The problem is he bought a frikkin' red iPhone 7 Plus that he s**ts on all the time. /smh.

55. kiko007

Posts: 7493; Member since: Feb 17, 2016

"I don't know what Apple have done to him in his life." I can think of a few possibilities: A) They murdered his family while he was stationed in the Congo. B) They went straight Pulp Fiction on his anus and gave that backside a traumatic pounding. C) His wife left him for an iPhone. Not a man WITH an iPhone... an ACTUAL iPhone. D) He's bored and they're an easy target. You know that fat kid who's always bullying the halfling in the cafeteria? It's a relationship like that. E) All of the above? :)

56. RebelwithoutaClue unregistered

You mean they went medieval on his ass lol

58. Plasticsh1t

Posts: 3106; Member since: Sep 01, 2014

You're goddamn right LOL.

57. Plasticsh1t

Posts: 3106; Member since: Sep 01, 2014

LMAOOOOOO xD All of the above up his ass LOL.

61. iushnt

Posts: 3105; Member since: Feb 06, 2013

Same can be said for you too. Just replace that Apple with Samsung and iPhone with Galaxy, and then there's you.
