Security experts are warning that a flaw in the Android operating system’s security rules is allowing hackers to install ransomware and banking malware on users’ smartphones and tablets.
Check Point, a security firm in San Carlos, California, has documented the bug in Android’s “permissions” model. The security flaw allows hackers to install ransomware, adware, and banking trojans that hijack victims’ screens.
The problem, Check Point says, is the SYSTEM_ALERT_WINDOW function in Android 6.0 Marshmallow, which is the most widely used version of the operating system. Android allows apps to access SYSTEM_ALERT_WINDOW, which lets them create windows that overlay the entire screen and cover other applications.
Check Point reports that 74 percent of ransomware apps, 57 percent of adware, and 14 percent of banking malware use SYSTEM_ALERT_WINDOW.
Because the function could potentially lock up the system, Google required users to manually approve the permission for apps that wished to cover the whole screen. Starting with Android 6.0.1, however, any app installed via the Android Play Store can use SYSTEM_ALERT_WINDOW.
The manual-approval process caused problems for popular apps like Facebook Messenger, Check Point says, which is probably why Google changed the permissions. This change gives any application downloaded from the app store permission to access SYSTEM_ALERT_WINDOW.
The security of users’ systems, therefore, depends upon Google’s ability to detect malware and ban it from the Play Store before it infects users’ devices.
Google recently removed several apps from the Play Store because they were infected with BankBot malware, which displays screen overlays that mimic the login pages of European and Australian banks. Users typed their account numbers and passwords into the fake login screens, and the details were sent electronically to hackers.
Google says it will address the issue in the next major release of the operating system, Android O, which is scheduled for release in the third quarter of 2017.