40% of Android devices are at risk of screen hijack exploit

But Google doesn't plan to fix it until late summer

A currently unpatched exploit in the Android operating system means almost 40% of users are vulnerable to screen-hijacking apps, but it is unlikely to be fixed until the summer.

The bug, which was first spotted by researchers at Check Point, is caused by a development oversight in Android permissions, which in the past required users to manually grant downloaded applications the ability to display content on top of other app panes.

Advertisement - Article continues below

However following complaints from users who found it difficult to manually whitelist each app, the Android 6.0.1 'Marshmallow' update made this process automatic, which was good news for legitimate apps like WhatsApp and Facebook Messenger.

It appears that fix has meant apps hiding malicious codes are able to bypass security also being automatically granted the same access, specifically the 'SYSTEM_ALERT_WINDOW' permission. According to Google's own statistics, the vulnerability will be active on close to 40% of all Android devices.

"As a temporary solution, Google applied a patch in Android version 6.0.1 that allows the Play Store app to grant run-time permissions, which are later used to grant SYSTEM_ALERT_WINDOW permission to apps installed from the app store," the Check Point research team explained in a blog post. "This means that a malicious app downloaded directly from the app store will be automatically granted this dangerous permission."

Advertisement
Advertisement - Article continues below

This permission is particularly dangerous as it allows an app to display over any other app, without notifying the user. This means apps are able to display fraudulent adverts or links to content hosting malicious code, which are heavily used in banking Trojans.

Advertisement - Article continues below

"It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices," explained the team. This particular permissions exploit is used by 74% of all ransomware, 57% of adware and 14% of banker malware, according to the report, clearly demonstrating that this is a widespread tactic in the wild.

What's worrying is that Google has stated that a fix will be available in time for the release of Android O, which isn't expected until late summer. In the meantime, Check Point has urged users to beware of dodgy-looking apps and to check the comments left by other users.

Although the Play Store is able to police the apps being uploaded to its platform, malicious content is repeatedly bypassing security checks. Check Point recently disclosed the discovery of a new malware strain hidden inside game guides hosted on the Play Store, thought to have infected close to two million Android devices over the past seven months.

Advertisement - Article continues below

Paul Ducklin, senior technologist at security software firm Sophos, believes companies are in a "Catch 22" situation over Google Play: "If you block Google Play, you'll probably end up turning on Android's 'Allow installation apps from unknown sources' instead. And 'unknown sources' opens you up to a massive menagerie of mobile markets."

"Companies should consider some sort of central mobile device management software that helps IT to prevent egregious mistakes, such as quietly blocking apps that no one has heard of yet, because they represent an as-yet unknown risk, while still allowing fun and freedom among better-trusted parts of the ecosystem."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

2 Mar 2020
Visit/mobile/google-android/354816/android-11-developer-access-arrives-earlier-than-expected
Google Android

Android 11 developer access arrives earlier than expected

20 Feb 2020
Visit/mobile/23617/the-best-smartphones-to-buy
Mobile

Best smartphone 2019: Apple, Samsung and OnePlus duke it out

24 Dec 2019

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020