Microsoft researchers have identified a vulnerability pattern in the Android ecosystem. The vulnerability allows malicious apps to access and write data in the home directories of compromised apps. Fixes have been deployed by some apps, but more may be affected.

Microsoft researchers have identified a security vulnerability in the Android ecosystem dubbed ‘Dirty Stream’. (Image Credit: Bing Image Creator/News9).

Key Highlights

  • 73 per cent of all Android devices are vulnerable to the attack.
  • The vulnerability originates from faulty configuration when sharing files between apps.
  • The attack allows for compromising the device and stealing data.

New Delhi: Microsoft researchers have discovered a vulnerability pattern dubbled ‘Dirty Stream’ in popular Android applications. The vulnerability allows a malicious app to overwrite files in the home directory of a compromised app. At the time of the discovery, the vulnerability pattern was present in at least four applications on the Android Play Store with over 500 million installs, including the Xiaomi File Manager and WPS Office. These apps have patched and secured their apps since the disclosure.

In the Android ecosystem, each app is supposed to operate in its own protected and isolated environment, but the operating system allows for certain files and data to be shared between apps. Misconfiguration in how this is done can allow malicious actors to exploit the vulnerable apps. The Dirty Stream vulnerability allows for hackers to gain full access over the vulnerable app, execute any commands they want on the device, access the user’s accounts and steal sensitive data.

The Dirty Stream vulnerability explained

Some of the applications that need to share data include mail clients, social networking apps, instant messaging apps, file editors, and browsers. When a user taps on the file, the Android operating system triggers a sharing dialogue, asking the user which app the resource has to be directed to. Here a malicious app can trigger the sharing initiation. Here apps may be improperly configured to blindly trust such inputs, providing malicious actors with a foothold to access the system. Once compromised, an app can be hijacked to execute custom code, or extract the personal data of users.

What can end users do to protect themselves?

The vulnerability pattern is in misconfiguration of apps, which requires developers to update their apps. End users can best secure themselves by ensuring that all their apps are updated through the Play Store. Users should also only install applications from trusted sources. Those who used SMB or FTP shares through the Xiaomi file manager before the update have been advised to reset their credentials and investigate any anomalous behaviours.

link

By admin