
Overlay Attacks Are Back

Overlay attacks are ramping up again. And there's not really much that you, as an app developer, can do about it.

by Christopher Lamb · Nov. 19, 18 · News

Overlay attacks are all the rage today. They've been around for a few years, but they're becoming popular again as desktop systems are becoming more difficult to penetrate. And like most malware today, your users are the ones installing it.

These kinds of attacks have been hitting the Android ecosystem since early 2017. They had a lull in activity, but they're starting to ramp up again. And there's not really much that you, as an app developer, can do about it.

So how do they work?

Basically, an attacker places a transparent overlay above an app, captures the data typed into the overlay, and then submits that data to the form over which the overlay is installed. Usually, the overlay uses a Toast window, designed to float above other windows on the phone. In older versions of Android, the window is missing two specific authority checks — a permissions check and an operations check. In Nougat or earlier, if an application attempts to display a Toast dialog, it will automatically display without any checks, wherever the application would like to display the dialog, with whatever attributes the application would like to use.

As you can imagine, this is a bit problematic. If you have installed a malicious application on your phone, that application can use this approach to steal credentials or install additional malware. It can really do just about anything. And to make matters worse, attackers can buy pre-configured overlays on the dark web to throw up in front of legitimate applications.

These attacks have changed a bit since Nougat, but they are still possible. Essentially, the key to these attacks post-Nougat is to clickjack via an overlay. For example, if you're a malicious developer, and you've been able to get your app installed on a phone, you can bring up an overlay over a device administrator dialog that looks innocuous. You can then create a control on the overlay that asks for a user click, and then pass that press down to the administrative dialog. You can use this approach to give your app whatever permissions you'd like.
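The pass-through tap described above can at least be refused by an app's own sensitive controls, using Android's touch-filtering API. The following is an added example, not code from the article: it covers only views inside your own app, so it does not protect system dialogs such as the device administrator prompt or stop an overlay that captures the input itself. The package, class name, and log tag are hypothetical.

```java
package com.example.overlayguard; // hypothetical package name

import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

/**
 * Button for sensitive actions (confirm payment, grant access) that drops
 * taps delivered while another visible window is drawn over this app's window.
 */
public class ObscuredTouchGuardButton extends Button {
    private static final String TAG = "OverlayGuard"; // hypothetical log tag

    public ObscuredTouchGuardButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Framework filter: discard touches whenever this view's window is
        // obscured by another visible window.
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        // Set when the touch passed directly through an overlaying window.
        boolean obscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            // API 29+: also set when an overlay covers the window somewhere
            // other than the touched point.
            obscured |= (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
        }
        if (obscured) {
            Log.w(TAG, "Dropped touch: another window is drawn over this view");
            return false; // false tells the framework not to dispatch the event
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

Treating partial obscuring as a reason to drop the tap is the strict choice; it can also reject touches while legitimate floating windows such as chat heads or screen filters are visible.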

The best defense? An updated device. The best way to defend your customers? Hope.
