By Christopher Budd, Unit 42, Palo Alto Networks
Today, Palo Alto Networks Unit 42 researchers are announcing details on a new high-severity vulnerability affecting the Google Android platform. Patches for this vulnerability are available as part of the September 2017 Android Security Bulletin. This new vulnerability does NOT affect Android 8.0 Oreo, the latest version; but it does affect all prior versions of Android.
There is some malware that exploits some vectors outlined in this article, but Palo Alto Networks Unit 42 is not aware of any active attacks against this particular vulnerability at this time. Since Android 8.0 is a relatively recent release, this means that nearly all Android users should take action today and apply updates that are available to address this vulnerability.
What our researchers have found is a vulnerability that can be used to more easily enable an “overlay attack,” a type of attack that is already known on the Android platform. This type of attack is most likely to be used to get malicious software on the user’s Android device. This type of attack can also be used to give malicious software total control over the device.
In a worst-case attack scenario, this vulnerability could be used to render the phone unusable (i.e., a “brick”) or to install any kind of malware including (but not limited to) ransomware or information stealers. In simplest terms, this vulnerability could be used to take control of devices, lock devices, and steal information once a device has been attacked.
An “overlay attack” is an attack where an attacker’s app draws a window over (or “overlays”) other windows and apps running on the device. When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window. In Figure 1, you can see an example where an attacker is making it appear that the user is clicking to install a patch when in fact the user is clicking to grant the Porn Droid malware full administrator permissions on the device.
Figure 1: Bogus patch installer overlying malware requesting administrative permissions
You can see how this attack can be used to convince users to unwittingly install malware on the device. This can also be used to grant the malware full administrative privileges on the device.
An overlay attack can also be used to create a denial-of-service condition on the device by raising windows on the device that don’t go away. This is precisely the type of approach attackers use with ransomware attacks on mobile devices.
Of course, an overlay attack can be used to accomplish all three of these in a single attack:
- Trick a user into installing malware on their device.
- Trick a user into giving the malware full administrative privileges on the device.
- Use the overlay attack to lock up the device and hold it hostage for ransom.
Overlay attacks aren’t new; they’ve been discussed before. But until now, based on the latest research in the IEEE Security & Privacy paper, everyone has believed that malicious apps attempting to carry out overlay attacks must overcome two significant hurdles to be successful:
- They must explicitly request the “draw on top” permission from the user when installed.
- They must be installed from Google Play.
These are significant mitigating factors, and so overlay attacks haven’t been reckoned a serious threat. However, our new Unit 42 research shows that there is a way to carry out overlay attacks where these mitigating factors don’t apply. If a malicious app were to utilize this new vulnerability, our researchers have found it could carry out an overlay attack simply by being installed on the device.
In particular, this means that malicious apps from websites and app stores other than Google Play can carry out overlay attacks. It’s important to note that apps from websites and app stores other than Google Play form a significant source of Android malware worldwide.
The particular vulnerability in question affects an Android feature known as “Toast.” “Toast” is a type of notification window that “pops” (like toast) on the screen. “Toast” is typically used to display messages and notifications over other apps.
Unlike other window types in Android, Toast doesn’t require the same permissions, and so the mitigating factors that applied to previous overlay attacks don’t apply here. Additionally, our researchers have outlined how it’s possible to create a Toast window that overlays the entire screen, so it’s possible to use Toast to create the functional equivalent of regular app windows.
In light of this latest research, the risk of overlay attacks takes on a greater significance. Fortunately, the latest version of Android is immune from these attacks “out of the box.” However, most people who run Android run versions that are vulnerable. This means that it’s critical for all Android users on versions before 8.0 to get updates for their devices. You can get information on patch and update availability from your mobile carrier or handset maker.
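A fleet check for the exposure described above, as an added example that is not Unit 42 code: it reads saved `adb shell getprop` output and flags devices below Android 8.0 whose security patch level predates September 2017. The sample dumps are constructed, and treating any patch level of 2017-09 or later as carrying the fix is an assumption.

```python
import re

# getprop prints one "[key]: [value]" pair per line.
PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[([^\]]*)\]$")

FIXED_RELEASE = (8, 0)   # per the article: Android 8.0 Oreo is not affected
FIXED_PATCH = (2017, 9)  # assumption: any 2017-09 or later patch level has the fix


def parse_getprop(text):
    """Turn a getprop dump into a dict, skipping lines that do not match."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def release_tuple(release):
    """'7.1.2' -> (7, 1); '10' -> (10, 0); non-numeric strings -> None."""
    m = re.match(r"^(\d+)(?:\.(\d+))?", release or "")
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def patch_tuple(patch):
    """'2017-09-01' -> (2017, 9); missing or malformed values -> None."""
    m = re.match(r"^(\d{4})-(\d{2})-\d{2}$", patch or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(getprop_text):
    props = parse_getprop(getprop_text)
    release = release_tuple(props.get("ro.build.version.release"))
    patch = patch_tuple(props.get("ro.build.version.security_patch"))
    if release is None:
        return "unknown"
    if release >= FIXED_RELEASE:
        return "not affected"
    # Old builds may not expose a patch level at all; treat that as unpatched.
    if patch is not None and patch >= FIXED_PATCH:
        return "patched"
    return "needs update"


# Constructed sample dumps (not taken from real devices).
NOUGAT_OLD = "[ro.build.version.release]: [7.1.1]\n[ro.build.version.security_patch]: [2017-06-05]\n"
NOUGAT_NEW = "[ro.build.version.release]: [7.0]\n[ro.build.version.security_patch]: [2017-10-01]\n"
OREO = "[ro.build.version.release]: [8.0.0]\n[ro.build.version.security_patch]: [2017-08-05]\n"
KITKAT = "[ro.build.version.release]: [4.4.4]\n[ro.product.model]: [constructed]\n"
```
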
Of course, one of the best protections against malicious apps is to get your Android apps only from Google Play, as the Android Security Team aggressively screens against malicious apps and keeps them out of the store in the first place.
PHANTOM GALAXIES Comes to Steam and Epic Games Store on 2nd November 2023
Blowfish Studios, a subsidiary of interactive entertainment company Animoca Brands, announced today that its mecha space opera PHANTOM GALAXIES is launching in free-to-play early access on 2 November 2023 for PC. PHANTOM GALAXIES will be available on Steam, the Epic Games Store, and the official website.
PHANTOM GALAXIES is an expansive online multiplayer sci-fi action RPG set in a vast and immersive universe, featuring fast-paced mecha combat, high-octane action, and a captivating story and characters. After an interstellar war, the Commonwealth and the Union have united to form the Ranger Squadron — a unit of elite mecha pilots devoted to protecting human colonies on the frontiers of known space.
Players will take on the role of an ensign in the Ranger Squadron, piloting a transforming mechanized Starfighter to defend against the incursions of ruthless pirate factions and treacherous alien foes, from the scavenging Junkers and paramilitary Brooksea to the reviled Xanorra and vicious Sha’har zealots. In PHANTOM GALAXIES, players can create unique characters, build and customize their transforming Starfighters to suit their playstyle, engage in high-intensity combat in space or on the ground as they protect the human colonies against vicious pirate hordes, fend off mysterious alien civilizations, and secure strategic locations to defend humanity’s territory.
Players can fight alone or team up with other pilots online. Player freedom is key, with a variety of mecha types to choose from — specializing in close, medium, or long-ranged combat and fully customizable to focus on offence, defence, or both. PHANTOM GALAXIES Gameplay Features:
- Engage in fast-paced battles against enemy mechs, spacecraft, and sky-filling capital ships
- Gain new abilities, weapon configurations, and more as you upgrade the mecha class that fits your playstyle
- Choose between four unique mecha classes and customize your loadout to triumph on the battlefield
- Travel among the stars, exploring sectors inhabited by pirates, scavengers, and rogue factions.
PHANTOM GALAXIES will launch on PC in early access on 2 November 2023; the game is free-to-play and available on Steam, the Epic Games Store, and the official website. PHANTOM GALAXIES features language support for English, Russian, Spanish, German, French, Japanese, and Simplified Chinese.
RAZER Launches Viper V3 Hyperspeed Gaming Mouse
Razer has launched the Razer Viper V3 HyperSpeed. As an extension of the Viper line, the Viper V3 HyperSpeed stands as an embodiment of Razer’s longstanding motto: For Gamers. By Gamers. Reaffirming Razer’s pledge to equip all gamers with tools that amplify their competitive edge, it signifies a prominent entryway to the world of professional gaming.
Years of collaboration with esports professionals have culminated in the Viper V3 HyperSpeed’s precise shape enhancements, which provide optimal support, grip, and comfort. The result is a gaming mouse crafted for claw and fingertip grip styles, minimized finger strain, and enhanced accessibility to vital commands.
Featuring the Razer Focus Pro 30K Optical Sensor, the Viper V3 HyperSpeed guarantees pinpoint accuracy. Its staggering 280-hour battery life on HyperSpeed wireless mode, powered by just a single AA alkaline battery, ensures uninterrupted gameplay. With the option to upgrade to a true 4000 Hz wireless polling rate with the Razer HyperPolling wireless dongle (sold separately), gamers gain that critical microsecond advantage over the competition.
The Viper V3 HyperSpeed is Razer’s commitment to pushing gaming boundaries, ensuring both veterans and rising stars stay ahead of the curve. With pro-endorsed ergonomics and best-in-class technologies, it offers every gamer the opportunity to experience peak Razer performance.
The Razer Viper V3 HyperSpeed is available for $69.99, while the Razer Viper V3 HyperSpeed and HyperPolling Wireless Dongle are available for $84.99.
The 43rd Edition of GITEX GLOBAL to Take Place From 16th to 20th October 2023
The surge in international demand has rallied the world’s largest tech and start-up event to scale even higher and bigger in 2023, spearheading a global tech takeover across two Dubai mega venues next month. The 43rd edition of GITEX GLOBAL will take place from 16-20 October 2023, the blockbuster tech showpiece once again reaching full capacity at the Dubai World Trade Centre as it prepares to host more than 6,000 exhibitors, while Expand North Star, the world’s largest start-up event hosted by Dubai Chamber of Digital Economy, will kick-off its largest ever edition from 15-18 October 2023 at the new Dubai Harbour venue, featuring 1,800 start-ups from 100-plus countries at the Middle East’s biggest iconic superyacht hub.
GITEX GLOBAL and Expand North Star will comprise a combined 41 halls spanning 2.7 million sq. ft of exhibition space – a 35 per cent increase over the previous year – converging the best minds and most visionary companies to scrutinise, challenge, define, and empower the digital agendas of the world. GITEX GLOBAL will present the year’s largest AI showcase and summit, its record growth fuelled by the AI innovation wave currently gripping the globe’s imagination, as 3,500 AI-infused exhibitors reveal how this next big technology shift is transforming lives, governments, businesses, and society.
The AI boom has also added another layer of complexity to protecting digital assets and critical IP infrastructure, with the elevated GITEX Cyber Valley taking the fight directly to the dark cyber-criminal underworld, gathering leading info-sec brands and global experts at the year’s biggest cyber security showcase. Amplifying this growth, the launch shows GITEX Impact and Future Urbanism Expo promise to be the epicentre of ground-shaking shifts in climate technology while advancing sustainable cities, and co-creating a net zero future ahead of the UN climate change summit, COP28.
“The intense demand for involvement in GITEX from the global tech and start-up community is an acknowledgement of the strong impetus to learn, exchange, debate and challenge the recent developments in the tech sphere,” said Trixie LohMirmand, Executive Vice President of Events Management at DWTC, the organiser of GITEX GLOBAL and Expand North Star. “From AI, and cyber to the mounting interest in clean tech, GITEX converges public and private sector leaders from more than 170 countries to explore the new unknown paradigms of the future digital economy.”
Expand North Star, hosted by the Dubai Chamber of Digital Economy, will scale to a record size in 2023, featuring 1,800 start-up exhibitors this year to connect, inspire, and extend engagements in one of the world’s most innovative and entrepreneurial ecosystems. More than 1,000 investors from 70 countries with $1 trillion under management will also converge at the new Dubai Harbour venue, as they look to ramp up the momentum in start-up investment after a year of tepid achievements.
Saeed Al Gergawi, Vice President of the Dubai Chamber of Digital Economy, said, “Expand North Star is set to drive the next era of digital entrepreneurship and inspire the next generation of innovators and thinkers. This landmark event will serve as a strategic catalyst to expand the future of Dubai’s digital economy, creating an unrivalled platform to gather key stakeholders from the global start-up community here in the emirate.”
GITEX GLOBAL 2023 welcomes the biggest tech names delving into the latest trends, risks, challenges, and opportunities that are redefining entire industries, spearheaded by returning titans including Dell Technologies, e&, Google, Huawei, HP, IBM, Microsoft, and Tonomus. Among the debut exhibitors supercharging their international growth strategies and forging new connections are Salesforce, Broadcom, Beyon, and Deloitte.
Steven Yi, President of Huawei Middle East & Central Asia said: “At Huawei, GITEX GLOBAL continues to hold great importance to our business year after year. This year, our theme, ‘Accelerate Intelligence,’ demonstrates our commitment to delve into the transformative power of AI, networks, and cloud technologies. Together, we will explore how these converging forces are reshaping our world and how we can unleash the full capabilities of AI-powered solutions to reshape industries worldwide with cyber security, privacy protection and safeguarding our customer’s digital transformation journey remaining our top priorities.”