All Android owners warned over invisible attack that can empty accounts without you realising
ANDROID owners have been warned over an invisible attack that can empty accounts with you realising.
Microsoft researchers recently discovered many Android apps could be vulnerable to remote attacks, data theft, and other issues because of a common security weakness.
At least four of the apps affected have more than 500 million installations each.
And one, Xiaomi’s File Manager, has at least 1 billion installations from Android users.
The issue that Microsoft discovered affects Android applications that share files with other applications.
Known as “Dirty Stream” it allows malicious apps to send a file with a manipulated filename or path to another app.
This gives attackers an opening to create a rogue app that can send a file with a malicious filename directly to a receiving app without the user’s knowledge or approval.
Typical file share targets include email clients, messaging apps, networking apps, browsers, and file editors.
When a share target receives a malicious filename, it uses the filename to trigger a process that could end with the app getting compromised, Microsoft said.
The target app is misled into trusting the filename or path and executes or stores the file in a critical directory.
This manipulation of the data stream between two Android apps turns what is a common function into a weaponised tool.
The potential impact will vary depending on an Android application’s specifics.
In some cases, an attacker could use a malicious app to overwrite a receiving app’s settings and cause it to communicate with an attacker-controlled server, or get it to share the user’s authentication tokens and other data.
Microsoft have since informed Google‘s Android security research team of the problem.
And the Silicon Valley tech giants have have now published new guidance for Android app developers on how to recognise and repair the issue.
Microsoft researcher Dimitrios Valsamaras noted that these incorrect implementations are unfortunately rife among Android users.
“We identified several vulnerable applications in the Google Play Store that represented over four billion installations,” reads the report.
It adds: “We anticipate that the vulnerability pattern could be found in other applications.
“We’re sharing this research so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent introducing such vulnerabilities into new apps or releases.”
Two apps which have particularly vulnerable to Dirty Stream attacks are Xiaomi’s File Manager application and WPS Office, say Microsoft.
Microsoft said vendors of both products have already fixed the issue.
But it believes there are more apps out there that are fallible to exploit and compromise because of the same security weakness.
Must-know Android tips to boost your phone
Get the most out of your Android smartphone with these little-known hacks:
We anticipate that the vulnerability pattern could be found in other applications,” Microsoft’s threat intelligence team said in a blog post this week.
“We’re sharing this research so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent introducing such vulnerabilities into new apps or releases.”
Microsoft’s findings were shared with the Android developer community.
If you are an Android user, make sure you are keeping the apps you use up to date to minimise risks.
Users should also avoid downloading APKs from unofficial third-party app stores and other poorly vetted sources.