Android pre-Oreo and without patch September exposed the vulnerability of the toast notifications
Android is the mobile operating system most widely used throughout the world and, as such, also the one most exposed to the risk of hacker attacks (not only to weaknesses that are intrinsic to the system, but because, usually, the bad guys turn their attention to what are, in fact, the software platforms used). Among the various attacks made recently evidenced by the security experts figure the one discovered by researchers at Palo Alto Networks Unit 42, and that exploits a vulnerability of the toast notifications.
Before entering on the merits, it is necessary to clarify what is extended the number of Android terminals potentially vulnerable: the flaw was already fixed with the patch of September and the Android operating system Oreo; users who have not received such a patch, or using a previous version of the operating system are therefore at risk.
To understand the operation of the exploit used by the researchers, we mention that the toast notifications are small messages placed in the lower part of the display, encased in a sort of comic strip that has a gray background. The exploit uses the toast notification to create an overlay on the screen without the need to ask for the permission SYSTEM_ALERT_WINDOW, which should be obtained from any app to be able to insert elements in the screen.The smallest top of the range 2016 that satisfies all? Samsung Galaxy S7 is on offer today up to 380 euros. CLICK HERE TO CONTINUE READING