A group of researchers from Palo Alto Networks claims that smartphone, which hasn't been updated to Android Oreo are vulnerable to an open attack by hackers. First reported by The Register, the users can potentially face something known as the “overlay” attack. Hackers are able to manipulate users into sharing their personal details through a simple launch of a dialogue box.

Hackers taking advantage of vulnerability

Versions older than Oreo, are carrying a vulnerability that allows hackers to take optimum advantage of it. They are able to penetrate through its security features and launch a “fake” dialogue box.

This dialogue box doesn’t require permissions. It usually turns up in apps and thus, is believed to be authentic by users. But according to the researchers, it is a malicious way for hackers to gain personal details of users. Google has updated its Oreo with this fix. Therefore, it has now become significant for Android users to update to Oreo immediately.

Until then, researchers advise users to follow two important steps. The first step requires users to change the setting of each of the apps. Simply go to “Settings” option, and then tap “Apps.” Following which, one must select the “Draw on Top” permission from the user. This will alert users if they are being asked for details by a false source. The second step is to download well-known apps from Google Play Store only.

Palo Alto’s Unit 42 identifies the threat

The credit for discovering the vulnerability can be given to Palo Alto’s Unit 42 threat research team. According to them, the hackers are able to create a new type of notification update called, “Toast.” These are designed to look like they are authentic updates released by Google themselves. Such settings often fool users. Once hackers are able to penetrate through systems, they can swipe away personal details of the users. Personal details may include address, bank account details and intimate pictures and other such data. The criminal-minded will make use of such information against the user and try to extort money. Google made its Android Oreo available for official use just two weeks back.

Major smartphone manufacturers are rushing towards getting the update onboard. The list includes companies like Sony and Nokia. Google’s upcoming Pixel line-up will feature the update out-of-the-box. Rest of the Android users are advised to remain extremely cautious when they come across such malicious activities.