This extraordinarily named attack is said to allow a third-party application to take control of or crash other apps and (or) run malicious code on the phone.
According to ‘Check Point Research’, there is apparently a design flaw in Android’s sandbox that turns the external storage of Android phones into a paved pathway for the MitD attack. These attacks could have hazardous results. Hidden installation of unwanted, malicious and unrequested applications, denial of service to genuine apps, and application crashes are some of the outcomes, to name a few. The attack might also lead to the injection of infected code that makes the application run the way the attacker wants.
When irresponsible and heedless users let any unknown application use their storage, these kinds of attacks are all the more likely to happen.
Basically, any of the apps available on the store could interfere with the storage data of another app, which is one of the root causes of this attack. Moreover, users carelessly grant apps access to their storage without caring much about the security hazards.
Several tests were conducted. During one of them, the Check Point researchers succeeded in creating a malicious app that gave the impression of being a flashlight app. The researchers then used that app to gain access to the external storage space. Two types of attack were accomplished by the end of the various tests: one could crash other applications and the other could update applications into malicious forms.
In the first type of attack, malicious data is inserted into another app’s external storage files, which crashes the application. This attack could be used against rival apps, and it takes advantage of the faulty design to get malicious code injected into them.
If the crashed app asks for more permissions than the original one, the attacker has a chance to bump up his ability to reach more sensitive features. These are permissions that the original app never received.
Some applications put update files into external storage before the update is applied. Those files could easily be replaced with malicious versions of themselves or with a third-party application altogether. This is the case in the second type of attack: an attacker app monitors the external storage space while other apps receive updates.
1. When dealing with data from the external storage, perform input validation.
2. Do not store class files or ‘executables’ on external storage.
3. External storage files must be signed and cryptographically verified prior to dynamic loading.
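One way to apply points 1 and 3 above, as an added example that is not from Check Point or from the apps discussed here: copy the file out of external storage into a private directory and verify an RSA signature over the bytes that were actually copied, so that replacing the file on external storage after the check has no effect. The class name, `stageAndVerify`, the pinned public key and the size limit are assumptions made for illustration, and plain JDK calls are used so the sketch also runs off-device.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.*;
public class StagedUpdateVerifier {
    // Added example, hypothetical names. Copies the untrusted file into privateDir and
    // verifies the signature over the copied bytes; only the private copy is returned.
    static File stageAndVerify(File untrusted, File privateDir, PublicKey pinnedKey,
                               byte[] signature, long maxBytes)
            throws IOException, GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pinnedKey);
        File staged = File.createTempFile("update-", ".staged", privateDir);
        boolean ok = false;
        try (InputStream in = new FileInputStream(untrusted);
             OutputStream out = new FileOutputStream(staged)) {
            byte[] buf = new byte[8192];
            long total = 0;
            for (int n; (n = in.read(buf)) != -1; ) {
                if ((total += n) > maxBytes) throw new IOException("update larger than expected");
                verifier.update(buf, 0, n);
                out.write(buf, 0, n);
            }
            ok = verifier.verify(signature);
        } finally {
            if (!ok) staged.delete(); // never leave an unverified file behind
        }
        if (!ok) throw new SecurityException("signature check failed");
        return staged;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway key pair and payload; temp locations stand in
        // for external storage and the app-private directory.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] payload = "constructed update payload".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(payload);
        byte[] sig = signer.sign();
        File shared = File.createTempFile("shared-", ".bin");
        File priv = Files.createTempDirectory("private").toFile();
        try (OutputStream o = new FileOutputStream(shared)) { o.write(payload); }
        System.out.println("genuine: " + stageAndVerify(shared, priv, kp.getPublic(), sig, 1 << 20).getName());
        try (OutputStream o = new FileOutputStream(shared, true)) { o.write('!'); } // file changed after signing
        try { stageAndVerify(shared, priv, kp.getPublic(), sig, 1 << 20); } catch (SecurityException e) { System.out.println("modified: rejected"); }
    }
}
```

In a real app the public key would ship inside the APK and the signature would arrive with the update metadata; both are assumed here.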
Some pretty popular apps were found to be exposed to the two types of ‘Man-in-the-disk’ attack, according to Check Point. To cite some examples, Google Translate, Yandex Search, Yandex Translate, Google Voice Typing and the super trendy Xiaomi are the applications that are exposed to the malicious update type of attack.
The primary reason these Android apps can be attacked is that the application developers have carelessly overlooked the Android Security Guidelines, which include the basic methods for working with external storage.
Xiaomi decided not to address this ‘Man-in-the-disk’ situation, whereas, quite fortunately, Google, realizing the issue, has already released a patch for the affected applications.