Connect with us

News

Patch Your Android Phone to Avoid the “Toast” Attack

Published

on

By Christopher Budd, Unit 42, Palo Alto Networks

Today, Palo Alto Networks Unit 42 researchers are announcing details on a new high-severity vulnerability affecting the Google Android platform. Patches for this vulnerability are available as part of the September 2017 Android Security Bulletin. This new vulnerability does NOT affect Android 8.0 Oreo, the latest version; but it does affect all prior versions of Android.

There is some malware that exploits some vectors outlined in this article, but Palo Alto Networks Unit 42 is not aware of any active attacks against this particular vulnerability at this time. Since Android 8.0 is a relatively recent release, this means that nearly all Android users should take action today and apply updates that are available to address this vulnerability.

What our researchers have found is a vulnerability that can be used to more easily enable an “overlay attack,” a type of attack that is already known on the Android platform. This type of attack is most likely to be used to get malicious software on the user’s Android device. This type of attack can also be used to give malicious software total control over the device.

In a worst-case attack scenario, this vulnerability could be used to render the phone unusable (i.e., a “brick”) or to install any kind of malware including (but not limited to) ransomware or information stealers. In simplest terms, this vulnerability could be used to take control of devices, lock devices and steal information after it is attacked.

An “overlay attack” is an attack where an attacker’s app draws a window over (or “overlays”) other windows and apps running on the device. When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window. In Figure 1, you can see an example where an attacker is making it appear that the user is clicking to install a patch when in fact the user is clicking to grant the Porn Droid malware full administrator permissions on the device.

Figure 1: Bogus patch installer overlying malware requesting administrative permissions

You can see how this attack can be used convince users to unwittingly install malware on the device. This can also be used to grant the malware full administrative privileges on the device.

An overlay attack can also be used to create a denial-of-service condition on the device by raising windows on the device that don’t go away. This is precisely the type of approach attackers use with ransomware attacks on mobile devices.

Of course, an overlay attack can be used to accomplish all three of these in a single attack:

  1. Trick a user into installing malware on their device.
  2. Trick a user into giving the malware full administrative privileges on the device.
  3. Use the overlay attack to lock up the device and hold it hostage for ransom.

Overlay attacks aren’t new; they’ve been discussed before. But until now, based on the latest research in the IEEE Security & Privacy paper, everyone has believed that malicious apps attempting to carry out overlay attacks must overcome two significant hurdles to be successful:

  1. They must explicitly request the “draw on top” permission from the user when installed.
  2. They must be installed from Google Play.

These are significant mitigating factors, and so overlay attacks haven’t been reckoned a serious threat. However, our new Unit 42 research shows that there is a way to carry out overlay attacks where these mitigating factors don’t apply. If a malicious app were to utilize this new vulnerability, our researchers have found it could carry out an overlay attack simply by being installed on the device.

In particular, this means that malicious apps from websites and app stores other than Google Play can carry out overlay attacks. It’s important to note that apps from websites and app stores other than Google Play form a significant source of Android malware worldwide.

The particular vulnerability in question affects an Android feature known as “Toast.” “Toast” is a type of notification window that “pops” (like toast) on the screen. “Toast” is typically used to display messages and notifications over other apps.

Unlike other window types in Android, Toast doesn’t require the same permissions, and so the mitigating factors that applied to previous overlay attacks don’t apply here. Additionally, our researchers have outlined how it’s possible to create a Toast window that overlays the entire screen, so it’s possible to use Toast to create the functional equivalent of regular app windows.

In light of this latest research, the risk of overlay attacks takes on a greater significance. Fortunately, the latest version of Android is immune from these attacks “out of the box.” However, most people who run Android run versions that are vulnerable. This means that it’s critical for all Android users on versions before 8.0 to get updates for their devices. You can get information on patch and update availability from your mobile carrier or handset maker.

Of course, one of the best protections against malicious apps is to get your Android apps only from Google Play, as the Android Security Team aggressively screens against malicious apps and keeps them out of the store in the first place.

Cars

Tesla Unveils Cybercab and Robovan: A New Era of Autonomous Transportation

Published

on

Tesla has finally revealed its highly anticipated driverless robotaxi, the Cybercab, and a larger autonomous vehicle called the Robovan. These groundbreaking vehicles represent a significant step forward in the company’s mission to revolutionize transportation.

The Cybercab, designed to resemble a sleek, futuristic vehicle, features a minimalist interior and advanced autonomous driving technology. It is expected to cost less than $30,000 and will begin unsupervised full self-driving trials in Texas and California next year.

Tesla also surprised attendees with the debut of the Robovan, a larger, more versatile vehicle capable of transporting up to 20 people or a significant amount of cargo. Its design is reminiscent of a futuristic sci-fi movie and offers potential applications for both commercial and personal use.

In addition to these new vehicles, Tesla showcased its Optimus humanoid robots, which are expected to be available for purchase in the coming years. These robots are designed to assist humans with various tasks and could be used in manufacturing and healthcare industries.

The unveiling of these innovative vehicles marks a significant milestone for Tesla and highlights the company’s commitment to developing cutting-edge autonomous technology. As Tesla continues to push the boundaries of electric transportation, the future of mobility looks increasingly promising.

Continue Reading

Gadgets

DOOGEE to Showcase its Smartphones and Mobile Solutions at GITEX 2024

Published

on

DOOGEE has announced that it will showcase its latest innovations at GITEX Global 2024 at its booth H12-B12. The event will be held at the Dubai World Trade Centre from October 14 to 18. DOOGEE will unveil cutting-edge smartphones and mobile solutions to enhance user experience and connectivity.

“This prestigious technology event offers the perfect opportunity to showcase our latest innovations and connect with industry leaders,” the company said in a statement. “We look forward to demonstrating how our products can transform the way people interact with technology. With thousands of exhibitors and attendees from around the world, GITEX Global 2024 is an exciting event not to be missed. Join us to explore the future of mobile technology and experience our latest innovations firsthand through interactive displays and demos.”

DOOGEE T30 Series
DOOGEE T30 Series tablets offer a seamless blend of power and versatility. Designed to focus on productivity and stability, these tablets are equipped with powerful processors and optimized software to ensure smooth multitasking and swift application performance. The T30 Series is the ultimate choice for efficient and stable business office solutions.

DOOGEE U Series
DOOGEE U Series Tablet is a premium play-and-learn companion tailored for kids. This innovative device combines the joy of play with the essence of education, transforming into an all-in-one high-tech toy and learning assistant. The U Series Tablet is the perfect blend of fun and education that will ignite your child’s curiosity and foster a love for learning.

V PAD
The V PAD is a powerful tablet equipped with a Mediatek MT8791 Octa Core 5G Processor, a 12″ 2.4K Ultra-clear Display, an 8800mAh Large Battery, and the latest Android 14 System.

T40 PRO
The T40 PRO is another impressive tablet featuring a 12″ 2.4K IPS Ultra-clear Display, 512GB Massive Storage, a Helio G99 Octa-core Processor, and a sleek 7.6mm Aerospace-grade Alloy Unibody Design.

T40
The T40 offers a slightly smaller 11″ 2.5K Ultra-clear Display but still packs a powerful Helio G99 Octa-core Processor, 512GB Massive Storage, and an 8580mAh Large Battery.

T30 MINI PRO
For those seeking a more compact option, the T30 MINI PRO features an 8.4-inch 2.5K Ultra-clear Display, Dual-band WIFI5+GPS, 512GB Massive Storage, and a Double Speaker Super Sound System.

U11
The U11 is a versatile tablet with an 11″ Ultra-high Definition IPS Screen, an 8580mAh Large Capacity Battery, a Unisoc T606 octa-core processor, and the latest Android 14 System.

DOOGEE S Series
The DOOGEE S Series is known for its durable, high-performance rugged smartphones. The flagship model, the S100, features a powerful MediaTek G99 processor, a 100MP camera, and a stylish leather-like back cover. Its popularity led to it becoming the top-selling rugged phone in its price range. The series has expanded to include the S100 Pro, S110, and Smini, each offering unique features like a massive battery, dual screens, and a compact design.

DOOGEE Blade Series
The DOOGEE Blade Series focuses on sleekness and portability without compromising on performance. These smartphones are designed to be thin and lightweight, making them easy to carry. Despite their slim profiles, they offer powerful processors, high-resolution cameras, and long-lasting batteries.

DOOGEE Fire Series
The DOOGEE Fire Series is a unique range of smartphones equipped with thermal imaging technology. This allows users to see beyond the visible spectrum, providing valuable insights in various situations. Whether for exploration, safety, or precision, the Fire Series offers a versatile and innovative tool.

DOOGEE N Series
The DOOGEE N Series is designed for those who appreciate luxury and style. These smartphones feature a premium design, with sleek lines, high-quality materials, and meticulous attention to detail. The N Series is a testament to DOOGEE’s commitment to creating elegant and sophisticated devices.

Blade GT
The Blade GT is a stylish smartphone with a sleek 10.5mm thickness, Dynamic Lighting Effect, and a powerful 5G Octa-core Processor.

Blade 10 Pro
The Blade 10 Pro is the thinnest rugged phone on the market, featuring a Cyberpunk Style, Futuristic Sense, a 5150mAh Large Battery, a 50MP Incredible Main Camera, and the Latest Android 14 System.

Fire 6
The Fire 6 is a unique smartphone with thermal imaging capabilities. It also boasts a 10400mAh Large Battery, a 50MP Main Camera with Morpho, the Latest Android 14 System, and 256GB Massive Storage.

N55
The N55 is an affordable smartphone with a modern design and impressive features. It offers the Latest Android 14 OS System, an Ultra-Lightweight & Ultra-Thin Design, a 6.56″ HD+ 90Hz IPS Waterdrop Screen, and Vacuum Coating on the Screen For Protection.

S Punk
The S Punk is a fun and stylish smartphone with a 126dB Large Amplitude Speaker, a 10800mAh Large Battery, Up to 16GB RAM + 256GB ROM, and Dazzling Cool Interaction Lights.

Continue Reading

Accessories

CORSAIR to Collab with Call of Duty

Published

on

CORSAIR has begun to release the first products in its multi-year, full cross-brand collaboration with the critically acclaimed Call of Duty franchise. This powerful new integration sees two of the world’s best-known gaming brands come together for the first time with the collaboration extending across multiple product categories at CORSAIR including Drop, Elgato, ORIGIN PC and SCUF Gaming.

“We are thrilled to be teaming up with Activision and have our world-class brands come together as CORSAIR is set to deliver premium performance for Call of Duty players across all platforms whether it’s playing Black Ops 6, capturing amazing content or streaming with friends,” said Thi La, President and COO at CORSAIR.

“Our goal has always been to fuel the Call of Duty fandom with best-in-class products built for today’s gamers and we couldn’t be more thrilled to partner with CORSAIR for the launch of Black Ops 6. The suite of officially licensed products will help elevate gaming stations everywhere in true Call of Duty Black Ops style,” said Brooke Carpenter, Senior Director, Global Consumer Products at Activision.

In addition to top-tier controllers from SCUF Gaming, CORSAIR headsets and keyboards and streaming equipment from Elgato, this collaboration will see the introduction of several high-end gaming PCs including the ORIGIN PC EON16-X laptop, ORIGIN PC NEURON gaming PC, and the CORSAIR VENGEANCE Gaming PC line. These high-performance gaming machines are designed for the ultimate gaming experience, featuring cutting-edge hardware, custom Black Ops 6-themed aesthetics, and superior build quality. With powerful processors, advanced graphics, and lightning-fast storage, Call of Duty fans will enjoy seamless gameplay and stunning visuals.

Beginning with the launch of the highly-anticipated Call of Duty: Black Ops 6, featured products launching today and throughout this holiday include:

CORSAIR

  1. HS80 RGB WIRELESS CALL OF DUTY: BLACK OPS 6 EDITION: A premium wireless gaming headset that delivers incredibly detailed sound through custom-tuned 50mm neodymium audio drivers with immersive Dolby Atmos. It features hyper-fast SLIPSTREAM WIRELESS and a broadcast-grade omnidirectional microphone that captures your voice with outstanding clarity.
  2. K65 PLUS WIRELESS CALL OF DUTY: BLACK OPS 6 EDITION: Stand out from the crowd with superior skill and distinctive design.
  3. The CORSAIR K65 PLUS WIRELESS is a 75% gaming keyboard that maxes out on performance and personality. Step up your Switch game with pre-lubricated CORSAIR MLX Red V2 linear switches that make each keystroke silky smooth and responsive.
  4. M75 WIRELESS CALL OF DUTY: BLACK OPS 6 EDITION: Sculpted by victory. Made for the spotlight. The M75 WIRELESS sports an expertly designed ambidextrous mouse shape and ultra-fast connectivity via SLIPSTREAM WIRELESS and Bluetooth.
  5. MM300 2XL CALL OF DUTY: BLACK OPS 6 EDITION: a high endurance cloth mouse mat for high-DPI gaming mice. Reinforced stitched edges guard against surface peeling, while the textile-weaved surface gives superior control for lethal in-game accuracy.
  6. VENGEANCE SERIES CALL OF DUTY: BLACK OPS 6 EDITION: Step up your game with a CORSAIR VENGEANCE gaming pc, built with a full range of award-winning CORSAIR components, and powered by the latest cutting-edge processors and graphics.

SCUF Gaming

  1. REFLEX CALL OF DUTY: BLACK OPS 6 EDITION: Stay unstoppable with ergonomically designed remappable paddles, adaptive triggers, and onboard profiles that allow you to quickly switch from one game to another with SCUF Reflex for PlayStation 5.
  2. INSTINCT PRO CALL OF DUTY: BLACK OPS 6 EDITION: Engineered for better performance and responsiveness, SCUF Instinct Pro for Xbox Series X|S provides four remappable paddles, interchangeable thumbsticks, and instant triggers that switch from regular to a mouse-like click at the flip of a switch.
  3. ENVISION PRO CALL OF DUTY: BLACK OPS 6 EDITION: Designed to deliver the best experience for controller PC gamers. SCUF Envision is equipped with 11 additional remappable inputs, ultra-fast wired/wireless connectivity, advanced software for macros and endless customization options.
  4. UNIVERSAL CONTROLLER PROTECTION CASE CALL OF DUTY: BLACK OPS 6 EDITION: This case has an impact-resistant exterior and a soft, padded interior to protect your controller from dents and scratches, even while travelling. It works to protect any Xbox Series X|S, PS5, PS4, or Xbox One controller.

Elgato

  1. STREAM DECK MK.2 CALL OF DUTY: BLACK OPS 6 EDITION: Features 15 customizable LCD keys to control apps and platforms. Hit the store for app plugins, icons, tracks plus effects, and keep your setup fresh with interchangeable faceplates.
  2. WAVE:3 USB MICROPHONE CALL OF DUTY: BLACK OPS 6 EDITION: A premium microphone and digital mixing solution that fuses plug-and-play convenience with broadcast-grade circuitry.
  3. WAVE MIC ARM LP CALL OF DUTY: BLACK OPS 6 EDITION: A studio-grade boom arm for your premium microphone, Wave Mic Arm LP sits below the shoulder line for an unobstructed view.

Drop

ARTISAN KEYCAP CALL OF DUTY: BLACK OPS 6 EDITION: A 1u artisan keycap featuring a jet-black acrylic keycap with a bite jutting out to meet your fingertips.

ORIGIN PC

  1. ORIGIN PC NEURON CALL OF DUTY: BLACK OPS 6 EDITION: A gaming powerhouse engineered for intense action and precision. Equipped with cutting-edge hardware including powerful graphics cards, fast processors, and more. With fully customizable options and up to 8TB of storage, you’ll have the space and speed to dominate every game. Encased in a sleek design, the NEURON brings unparalleled power and style to your gaming setup.
  2. ORIGIN PC EON16-X CALL OF DUTY: BLACK OPS 6 EDITION: Experience unparalleled performance and immersive gameplay in a sleek, custom design. Fully customizable, add on a plethora of storage and high-quality DDR5 memory with components by CORSAIR.

Specific products are available now or open for pre-order. Additional categories, launch dates, and more details on this groundbreaking collaboration will be announced over time.

Continue Reading
Advertisement
Advertisement

Latest Reviews

Follow us on Facebook