40% of Android devices are at risk of screen hijack exploit

But Google doesn't plan to fix it until late summer

A currently unpatched exploit in the Android operating system means almost 40% of users are vulnerable to screen-hijacking apps, but it is unlikely to be fixed until the summer.

The bug, which was first spotted by researchers at Check Point, is caused by a development oversight in Android permissions, which in the past required users to manually grant downloaded applications the ability to display content on top of other app panes.

However following complaints from users who found it difficult to manually whitelist each app, the Android 6.0.1 'Marshmallow' update made this process automatic, which was good news for legitimate apps like WhatsApp and Facebook Messenger.

It appears that fix has meant apps hiding malicious codes are able to bypass security also being automatically granted the same access, specifically the 'SYSTEM_ALERT_WINDOW' permission. According to Google's own statistics, the vulnerability will be active on close to 40% of all Android devices.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"As a temporary solution, Google applied a patch in Android version 6.0.1 that allows the Play Store app to grant run-time permissions, which are later used to grant SYSTEM_ALERT_WINDOW permission to apps installed from the app store," the Check Point research team explained in a blog post. "This means that a malicious app downloaded directly from the app store will be automatically granted this dangerous permission."

This permission is particularly dangerous as it allows an app to display over any other app, without notifying the user. This means apps are able to display fraudulent adverts or links to content hosting malicious code, which are heavily used in banking Trojans.

"It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices," explained the team. This particular permissions exploit is used by 74% of all ransomware, 57% of adware and 14% of banker malware, according to the report, clearly demonstrating that this is a widespread tactic in the wild.

What's worrying is that Google has stated that a fix will be available in time for the release of Android O, which isn't expected until late summer. In the meantime, Check Point has urged users to beware of dodgy-looking apps and to check the comments left by other users.

Although the Play Store is able to police the apps being uploaded to its platform, malicious content is repeatedly bypassing security checks. Check Point recently disclosed the discovery of a new malware strain hidden inside game guides hosted on the Play Store, thought to have infected close to two million Android devices over the past seven months.

Paul Ducklin, senior technologist at security software firm Sophos, believes companies are in a "Catch 22" situation over Google Play: "If you block Google Play, you'll probably end up turning on Android's 'Allow installation apps from unknown sources' instead. And 'unknown sources' opens you up to a massive menagerie of mobile markets."

Advertisement - Article continues below

"Companies should consider some sort of central mobile device management software that helps IT to prevent egregious mistakes, such as quietly blocking apps that no one has heard of yet, because they represent an as-yet unknown risk, while still allowing fun and freedom among better-trusted parts of the ecosystem."

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/mobile/google-android/354816/android-11-developer-access-arrives-earlier-than-expected
Google Android

Android 11 developer access arrives earlier than expected

20 Feb 2020
Visit/mobile/23617/the-best-smartphones-to-buy
Mobile

Best smartphone 2019: Apple, Samsung and OnePlus duke it out

24 Dec 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/technology/artificial-intelligence-ai/354796/ai-identifies-11-earth-bound-asteroids
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020