September 24, 2020

Firefox for Android Vulnerabilities

Lookout Coverage and Recommendation for Admins

Without Lookout on the device, there’s no way for a targeted individual to know this attack is taking place. Whether the attacker is trying to deliver a phishing link or install malware, Lookout will detect and protect against both types of malicious activity.

Lookout will detect outdated versions of the Android Firefox app as part of its default policy that alerts a user if an app on their device has an exploitable vulnerability. The admin can then customize the policy to set a risk level and response that align with their organization’s security policies.

Overview

A vulnerability in the Android version of the Firefox mobile app was recently discovered by an independent researcher. In Firefox v68.11.0 and below, a flaw in how the app handles messages received over the local Wi-Fi network could allow an attacker to trigger actions on a victim’s device when both are connected to the same Wi-Fi network.

By exploiting this vulnerability, the attacker can trigger the device to perform unauthorized functions. Some of these functions require no action by the end user, such as redirecting the Firefox browser to a phishing site. If the attacker wants to convince the target to download a malicious app, they can have the device prompt the user to do so. To create greater impact, the attacker could make this part of a larger exploit chain by combining it with other device or app vulnerabilities to which the victim is exposed.

Lookout Analysis

In order for this attack to be successful, the target device must have a vulnerable version of the Firefox app installed and be connected to the same Wi-Fi network as the attacker. Since this vulnerability is caused by a lack of input validation for SSDP (Simple Service Discovery Protocol) messages, the threat actor can send a crafted SSDP message to the target device to carry out the attack. Until something actually executes on the device and a notification appears on the target’s screen, the user would have no indication that any of this was happening.
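The root cause described above is missing input validation on SSDP messages, so the following added example (written for this page, not Lookout’s or Mozilla’s code) shows what a fail-closed SSDP response parser looks like: it bounds the datagram size, requires ASCII and CRLF framing, rejects malformed or duplicate headers, and only accepts a LOCATION value that is an absolute http(s) URL. The sample datagrams are constructed, and the choice of required headers and the http(s)-only rule are the editor’s assumptions about a sensible policy, not a description of Firefox’s actual fix.

```python
import re
from urllib.parse import urlsplit

# Constructed sample datagrams (not captured traffic): a well-formed SSDP search
# response, one whose LOCATION uses a non-http scheme, and one with a garbled header.
GOOD = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nST: upnp:rootdevice\r\n"
        b"USN: uuid:0000-1111::upnp:rootdevice\r\nLOCATION: http://192.168.1.20:49152/desc.xml\r\n\r\n")
BAD_SCHEME = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\nUSN: uuid:0000-2222::upnp:rootdevice\r\n"
              b"LOCATION: ftp://192.168.1.20/desc.xml\r\n\r\n")
GARBLED = b"HTTP/1.1 200 OK\r\nST upnp:rootdevice\r\nUSN: uuid:3\r\nLOCATION: http://h/\r\n\r\n"

HEADER_RE = re.compile(r"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*([\x20-\x7e]*)$")  # RFC 7230 token ":" printable value
REQUIRED = ("ST", "USN", "LOCATION")  # assumed minimum set for a usable discovery response

def parse_ssdp_response(datagram: bytes, max_size: int = 1024) -> dict:
    """Parse an SSDP M-SEARCH response into a header dict; raise ValueError on anything odd."""
    if len(datagram) > max_size:
        raise ValueError("datagram larger than expected")
    if not datagram.isascii():
        raise ValueError("non-ASCII bytes in datagram")
    text = datagram.decode("ascii")
    if not text.endswith("\r\n\r\n"):
        raise ValueError("missing CRLF CRLF terminator")
    lines = text[:-4].split("\r\n")
    if lines[0] != "HTTP/1.1 200 OK":
        raise ValueError("unexpected status line")
    headers = {}
    for line in lines[1:]:
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"malformed header line: {line!r}")
        name = m.group(1).upper()
        if name in headers:
            raise ValueError(f"duplicate header: {name}")
        headers[name] = m.group(2).strip()
    if any(h not in headers for h in REQUIRED):
        raise ValueError("missing required header")
    # Only an absolute http(s) URL may be fetched for the device description; any other
    # scheme or a relative reference is rejected outright rather than handed to a URL handler.
    loc = urlsplit(headers["LOCATION"])
    if loc.scheme not in ("http", "https") or not loc.netloc:
        raise ValueError("LOCATION is not an absolute http(s) URL")
    return headers

def accepts(datagram: bytes) -> bool:
    # Boolean wrapper for filtering or testing: True only if the datagram passes every check.
    try:
        parse_ssdp_response(datagram)
        return True
    except ValueError:
        return False
```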

Authors

Lookout

Cloud & Endpoint Security

Lookout is a cybersecurity company that makes it possible for tens of millions of individuals, enterprises and government agencies to be both mobile and secure. Powered by a dataset of virtually all the mobile code in the world (40 million apps and counting), the Lookout Security Cloud can identify connections that would otherwise go unseen and predict and stop mobile attacks before they do harm. The world’s leading mobile network operators, including AT&T, Deutsche Telekom, EE, KDDI, Orange, Sprint, T-Mobile and Telstra, have selected Lookout as their preferred mobile security solution. Lookout is also partnered with such enterprise leaders as AirWatch, Ingram Micro, Microsoft, and MobileIron. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.

Platform(s) Affected: Web, Android
Threat Type: Vulnerability
Entry Type: Threat Guidances

