Home GoAndroid Android Toast Overlay Attack Leaves Millions Vulnerable

Android Toast Overlay Attack Leaves Millions Vulnerable

Sep 10, 2017

There is a new attack that is creating issues called Android Toast Overlay attack. Researchers over at Palo Alto Networks are now warning Android users against the Toast Overlay attack. This is a warning that was sent out for all Android users except the newest operating system. It would appear that the Android Toast Overlay attack puts all devices at risk except those running Android Oreo. Read on to learn more about this new attack and what it could do to your Android device.

Android Toast Overlay Attack Potentially Dangerous

The Palo Alto Networks research team said that this new Android Toast Overlay attack is dangerous. You should be immediately heading over and patching your Android device in order to be protected from this new attack. You can end up getting tricked into installing the malware that enables an overlay to attach itself to other apps. The overlay also can occur in the settings and the control panel. So the malware could end up getting more privileges through something as simple as putting an “OK” button over a different button which is actually where the danger can occur.

The new Android Toast Overlay attack could also install a rogue app silently. Beyond that, it could lock you out of your Android device and turn into Ransomware. Ryan Olson, from Palo Alto, explained how you could think you were clicking one thing but in reality, you were clicking something totally different. The overlay button is all that is needed to trick you into activating device administrator privileges.

Android Toast Overlay Attacks Are Not New

When it comes to the overlay attacks themselves, they are not a new issue for Android. They have been around for a long time, and Google seems to never get ahead of them. Once one overlay attack is fixed, another one will pop up. At the Black Hat Security Conference earlier this year, there was another version of the overlay attack that was presented to the researchers. Cloak and Dagger was the name of that attack.

When it comes to the Android Toast Overlay attack, it actually does Cloak and Dagger but in a much more extensive way. Basically, the system alert permission is not needed for the Android Toast Overlay attack. There are “toast” notifications that will pop up and fill up the Android screen, which is how the overlay happens. This then means that the permissions that the user has to be tricked into granting is much lower. This means also that this malware can be issued from outside Google Play Store. Google Play Store has quite a few security checks in place, which could prevent the Android Toast Overlay attack. Since the malware can be distributed outside of the Google Play Store, it means that those security checks will not be there to catch the attacks.

Android Toast Overlay Impacts Many Devices

As far as who is impacted by the Android Toast Overlay attacks, it is almost everyone. Everyone except those running Android Oreo are affected by this attack. Google did put out a patch, so if you have not installed that patch yet then you are also still at risk. Android Oreo allows these toast notifications to be up for only 3.5 seconds, which does help eliminate issues like the Android Toast Overlay attack.

The problem with that is that it can be circumvented still, which is done using a time loop. This is a vulnerability with high severity, although it does not mean you should be freaking out just yet. This particular attack has not been used out in the world yet, at least not that researchers have found. Even though this particular attack has not been seen yet in the wild, you still need to grab the patch from Google to keep yourself safe from this new overlay attack.