40% of Android Devices at Risk of Screen Hijack Exploit

Security researchers have uncovered a significant flaw in Google’s popular mobile platform Android, allowing malicious attackers to target victims with a plethora of malware. While Google has acknowledged the flaw, the tech giant won’t fix the vulnerability until the next major update of the mobile OS.

The flaw was first discovered by security researchers at Check Point earlier this month. The vulnerability affects all Android devices from Android 6.0.1 (Marshmallow). That accounts for 40% of all Android tablets and phones, which are now vulnerable.

Since Android 6.0, Google tweaked the way app permissions work, labelling these intrusive permissions in different categories. For instance, permissions labelled ‘dangerous’ are only granted during the runtime of the application, following a manual approval by the user.

The exploit lays in an app permission called ‘SYSTEM_ALERT_WINDOW’, one that grants applications to display their intended screens on top of other applications, at any time. It’s a powerful enough permission that users are required to grant the permission with a prompt by heading to the Settings screen-à Apps to find the app to grant it permission to ‘Draw’ over other apps. This feature is common among the likes of Facebook’s messenger app that displays a little bubble head on top of the screen. In essence, the permission enables an app to display over another app without notifying the user.

Here’s where the problem lies. Researchers explain:

This entails a significant potential for several malicious techniques, such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans. It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices.

As a temporary solution, Google as applied a patch in Android version 6.0.1, allowing the Play Store app to grant run-time permissions used to grant SYSTEM_ALERT_WINDOW permissions to apps installed from the play store. However, this still allows

‘This is clearly not a minor threat, but an actual tactic used in the wild,” researchers noted. Altogether, researchers discovered that a staggering 74% of ransomware, 57% of adware and 14% of bunker malware actively abuse this permission.

With Google’s upcoming version in ‘Android O’ months away from release, the only way to stay secure is to keep an eye out for fishy apps on the Play Store or install a mobile security software that is capable of scanning and blocking malware.

Image credit: Pixabay.