View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 11, 2017updated 06 Jul 2022 6:51am

Android users warned of security risk to versions older than Oreo

This attack effecting users of Android operating systems older than Oreo could face an attack capable of taking complete control.

By Tom Ball

Android users running on an operating system version older than Oreo have been warned of an attack capable taking control of devices if patching is not carried out soon.

This threat is an overlay attack, and it works by cloaking itself beneath a fake screen to trick the user into activating the malicious process being carried out.

Overlay attacks are based on stealth, and in addition to requiring the user to initiate them, they must also get in by being installed from Google Play. Once this attack has made entry, it is able to assume control and launch malware and ransomware.

The Unit 42 threat research team from Palo Alto Networks uncovered the Toast attack affecting operating systems older than Oreo, finding that it is capable of functioning completely out of view of the user, while subtly influencing what they are doing.

Palo Alto Networks researcher Christopher Budd said in a blog: “An ‘overlay attack’ is an attack where an attacker’s app draws a window over (or “overlays”) other windows and apps running on the device. When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window.”

Last year an emergency Android patch was released to combat a rooting application, this vulnerability ultimately gained the ‘Critical’ severity status as the extent of the problem became apparent.

READ MORE: Top 5 elements of cybersecurity risk management

Continuing to be one of the greatest risks to cybersecurity, human forgetfulness or laziness has previously proven dangerous in terms of patching. The recent WannaCry ransomware attack that had a global impact was able to have crippling effects on the NHS due to a widespread failure to patch.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Recent research into cybersecurity trends revealed the top most prominent threats to data security, these included ransomware, DDoS attacks and insider threats. This information was by Infloblox and the SANS Institute.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU