Android O Joins Ransomware Battlefield

Android O by Symantec
I read an interesting article about Android O and its joining the battlefield against ransomware, but first I'm addressing the big issue. Well, not really THE big one, but still a sticking point. Lots of people are second-guessing Android O's name. I'm still banking on Android Oreo with an Android KitKat style tie-in deal. Lots of others are saying it will be Oatmeal Cookie because Oreo is a trademark, but that didn't stop them with KitKat. My second guess would be Opal Fruit, but that's also another tie-in. I don't know if Opal is global or not, and in lots of parts of the world Opal is a car company, so less than ideal.

Back on the topic of ransomware: Google has decided certain vendors are cretins who are not heeding its security warnings or utilising the protective features, so starting with Android 8.0 (Oreo :P) it is going to deprecate (remove) certain things and give us some beastly new weapons. Android 8.0 is due to be released early in the last quarter of 2017. Google will be killing the following window types: TYPE_SYSTEM_ALERT, TYPE_SYSTEM_ERROR and TYPE_SYSTEM_OVERLAY.

These are basically urgent or critical windows which appear on top of any other running window. Think of Windows modal pop-ups where you MUST click to close them, or something like a Blue Screen of Death message, that sort of thing. These are the window types which ransomware often uses to lock users out of their devices.

Permission Classifications

Previously there were only two classifications for permissions, which were Normal Permissions and Dangerous Permissions. Normal Permissions were simple things like accessing the phone's IR sensor, altering the time zone or setting a wallpaper. Dangerous Permissions are things like accessing the camera, using the microphone or getting the phone's GPS location.

Google introduced a third class which they called "Above Dangerous". It really should have been called "Toxic Waste" or "Radioactive" to drive home the danger. As it happens it wouldn't have made a huge difference, since many OEMs decided not to move the toxic permissions into the Above Dangerous category. OEMs are people like Samsung with TouchWiz and HTC with Sense, and the various others who modify Android with their own front end.

Normal Permissions the Android OS could grant with no interaction from the user. For Dangerous Permissions you got the pop-up at install time or when the permission was needed, and you had to OK it. Above Dangerous permission requests needed 100% human interaction: apps which required one had to provide instructions, and you had to physically go into the Android settings and carry out the action yourself. Some OEMs decided this was a hassle to users, and that users would prefer paying ransoms in Bitcoin (BTC) to criminals instead.

Google Nuclear Weaponry

Google has been introducing a series of weapons against ransomware. In the previous release, Android Nougat (7.0), Google stopped applications from being able to programmatically change a phone's PIN, security codes and passwords. They have now introduced another bunker-busting nuke in case anything does manage to get through and try to lock your screen: the notification bar will always be accessible, along with a button which will kill any application trying to hold the screen.
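To make the "Above Dangerous" flow and the window-type change concrete from the app developer's side, here is an added example (not code from this post or from the Symantec article). It assumes the standard Android SDK classes only. The "draw over other apps" permission (SYSTEM_ALERT_WINDOW) cannot be granted by a runtime pop-up: the app has to check Settings.canDrawOverlays and send the user into the Settings screen to flip the switch themselves, which is exactly the manual step described above. On Android 8.0 the three killed window types are replaced by TYPE_APPLICATION_OVERLAY (an API constant the post does not name), which the system draws below the status bar, so a legitimate floating window, and equally a ransomware lock screen, can no longer cover the notification shade that holds the kill button.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.provider.Settings;
import android.view.WindowManager;

/** Helper class for the overlay ("draw over other apps") permission; the class name is my own. */
public class OverlayPermissionHelper {

    // Request code for the Settings round trip; arbitrary value chosen for this example.
    public static final int REQ_OVERLAY = 1001;

    /**
     * True when the user has granted the overlay permission.
     * Before Marshmallow (API 23) SYSTEM_ALERT_WINDOW was granted at install time,
     * so there is nothing to check; from Marshmallow on the OS asks the user
     * via the Settings app and the app can only read the result.
     */
    public static boolean hasOverlayPermission(Activity activity) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
            return true;
        }
        return Settings.canDrawOverlays(activity);
    }

    /**
     * Sends the user to the Settings page for this package. There is no
     * dialog the app can show to get this permission; the user must toggle
     * it in Settings themselves, which is the "Above Dangerous" behaviour.
     */
    public static void requestOverlayPermission(Activity activity) {
        if (hasOverlayPermission(activity)) {
            return;
        }
        Intent intent = new Intent(Settings.ACTION_MANAGE_OVERLAY_PERMISSION,
                Uri.parse("package:" + activity.getPackageName()));
        activity.startActivityForResult(intent, REQ_OVERLAY);
    }

    /**
     * Picks the window type for a floating view. On Oreo and later the only
     * option is TYPE_APPLICATION_OVERLAY, which sits above app windows but
     * below the status bar, so the notification shade stays reachable.
     * The older TYPE_SYSTEM_ALERT is deprecated and rejected on Oreo for apps
     * targeting API 26.
     */
    @SuppressWarnings("deprecation")
    public static int overlayWindowType() {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            return WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY;
        }
        return WindowManager.LayoutParams.TYPE_SYSTEM_ALERT;
    }
}
```

Typical use is to call requestOverlayPermission from an Activity, re-check hasOverlayPermission in onActivityResult, and only then build WindowManager.LayoutParams with overlayWindowType(). For anyone reviewing third-party apps, SYSTEM_ALERT_WINDOW in the manifest together with a window type from the deprecated trio is the pattern worth looking at closely on pre-Oreo devices.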

The evidence shows that ransomware criminals don't bother trying to circumvent Google's moves to block them; instead the criminals choose to target older versions. Worst hit are versions Lollipop (5.0) and below, and the older the version of Android, the more it is targeted. Jelly Bean, Ice Cream Sandwich and KitKat are the hardest hit. This would show Google is slowly nailing all the hatches shut.