Join Gartner experts at the Gartner Security & Risk Management Summit 2021, September 20 – 22, in Orlando, FL, to share valuable insights on establishing an effective, risk-based cybersecurity program that enables digital innovation to seize the opportunities of the digital future.
The internet of things is growing rapidly, and IoT-enabled devices are beginning to appear in all aspects of our lives. This not only impacts consumers, but also enterprises, as it is expected that over 50% of all organizations will have some form of IoT in operation in 2019. The number of IoT-connected devices has risen exponentially, and that growth shows no sign of slowing as Gartner forecasts that more than 20 billion internet-connected appliances and machines will be in use by 2020 — a number that, even now, has surpassed the world’s population. With more and more companies developing internet-enabled devices ranging from doorbells and security cameras to refrigerators and thermostats, it comes as little surprise that threat actors are discovering new vulnerabilities and developing new ways to exploit them.
The two newest versions of Android are vulnerable to a permissions feature being exploited by ransomware and banking malware.
Security firm Check Point has examined Android’s permission model and discovered it contains an odd bug that has become a favorite tool for ransomware, adware, and banking trojans to hijack victims’ screens with phishing pages and extortion demands.
This problem stems from an extremely sensitive permission in Android 6.0 Marshmallow, the most widely used version of Android, called SYSTEM_ALERT_WINDOW. The permission allows an app to create windows that overlay all other apps.