September 24, 2020
Platform(s) Affected
Web
Platform(s) Affected
Android
Threat Type
Vulnerability
Entry Type
Security Guidance
Platform(s) Affected
Web
Android
Vulnerability
Security Guidance
Lookout Coverage and Recommendation for Admins
Without Lookout on the device, there’s no way for a targeted individual to know this attack is taking place. Whether the attacker is trying to deliver a phishing link or install malware, Lookout will detect and protect against both types of malicious activity.
Lookout will detect outdated versions of the Android Firefox app as part of its default policy that alerts a user if an app on their device has an exploitable vulnerability. The admin can then customize the policy to set a risk level and response that align with their organization’s security policies.
Overview
A vulnerability in the Android version of the Firefox mobile app was recently discovered by an independent researcher. For Firefox v68.11.0 and below, there is a vulnerability in the Wi-Fi protocols that could allow an attacker to trigger actions on a victim’s device if the two are connected to the same Wi-Fi network.
By exploiting this vulnerability, the attacker can trigger the device to perform unauthorized functions. Some of these functions require no action by the end user, such as redirecting the Firefox browser to a phishing site. If the attacker wants to convince the target to download a malicious app, they can have the device prompt the user to do so. To create greater impact, the attacker could make this part of a larger exploit chain by using it in combination with other device or app vulnerabilities that the victim is subject to.
Lookout Analysis
In order for this attack to be successful, the target device must have a vulnerable version of the Firefox app installed and be connected to the same Wi-Fi network as the attacker. Since this vulnerability is cause by a lack of input validation for SSDP (Simple Service Delivery Protocol), the threat actor can send a crafted SSDP message to the target device to carry out the attack. Until something executes on the device and a there’s a notification on the target’s device, they wouldn’t know this was all happening.
Lookout Coverage and Recommendation for Admins
Without Lookout on the device, there’s no way for a targeted individual to know this attack is taking place. Whether the attacker is trying to deliver a phishing link or install malware, Lookout will detect and protect against both types of malicious activity.
Lookout will detect outdated versions of the Android Firefox app as part of its default policy that alerts a user if an app on their device has an exploitable vulnerability. The admin can then customize the policy to set a risk level and response that align with their organization’s security policies.
Subscribe to get the latest threat reports and insights
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Other Related Threats
September 15, 2023
Scattered Spider
Scattered Spider, aka UNC3944, was able to successfully target and gain access to the infrastructure of Caesars Entertainment in its latest campaign
September 19, 2023
CVE-2023-4863
September 18, 2023