Security firm reports that external storage can be used to hijack Android apps

Many users have additional storage on their smartphones, usually in the form of an SD card, where they store photos, music and other bulkier files. Some apps use that external storage for system files as well, even though it sits outside of Android’s native security protocols. The Android Sandbox protection is meant to prevent tampering with the files of each app, but it only covers the internal storage of a device.

The software security company Check Point released a report about a vulnerability in the way some apps are using the external storage that can be exploited to gain access to their permissions or even install malware.

External storage is sort of a free-for-all space and files stored there can be accessed by multiple apps. Because of that, Google has posted guidelines for developers using external storage for their apps, suggesting a few safety rules like encrypting files or validating any non-encrypted files before using them.

According to the report, despite Google having these guidelines, even some of its own apps weren’t adhering to them and were vulnerable to the so-called “Man-in-the-Disk” attack. The best-known ones are Google Translate, Google Voice Typing and Google Text-to-Speech.

The attack can be performed if the user installs an app that looks harmless but has malicious code in it. The app would request access to the external storage, which is a common request that most people allow. The malicious app then modifies the files of the targeted app, and the next time the targeted app uses those files, it is accessing the modified ones. What the modified files do depends on the attacker’s goal, but it can be anything from simply crashing the app to changing permissions and extracting user information from within the app.

If an app is using the external storage to save update files, the malware can access and change them so that while updating, the compromised app is actually installing a completely separate app that the user doesn’t want.
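Google's guidance to validate files before using them, applied to the update-file case above, as an added example (not code from Check Point, Google or any affected app): the file is copied from shared storage into app-private storage while being hashed, and only the private copy is used if its SHA-256 matches. It assumes the expected digest reaches the app over a trusted channel; the class and method names are hypothetical, and on Android `privateDir` would be the app's internal directory (for instance `Context.getFilesDir()`).

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.*;

public final class ExternalFileGuard {
    /** Copy 'shared' into 'privateDir', hashing the bytes as they are written;
     *  return the private copy only if its SHA-256 equals 'expected'. */
    static File stageAndVerify(File shared, File privateDir, byte[] expected)
            throws IOException, NoSuchAlgorithmException {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        File staged = File.createTempFile("staged", ".bin", privateDir);
        boolean ok = false;
        try {
            try (InputStream in = new FileInputStream(shared);
                 OutputStream out = new DigestOutputStream(new FileOutputStream(staged), sha256)) {
                byte[] buf = new byte[8192];
                for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            }
            // The digest covers exactly the bytes now in private storage, so a later
            // rewrite of the shared file cannot change what the app consumes.
            if (!MessageDigest.isEqual(sha256.digest(), expected))
                throw new SecurityException("digest mismatch for " + shared.getName());
            ok = true;
            return staged;
        } finally {
            if (!ok) staged.delete(); // never leave an unverified copy behind
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: temp directories stand in for shared and private storage.
        File sharedDir = Files.createTempDirectory("shared").toFile();
        File privateDir = Files.createTempDirectory("private").toFile();
        File update = new File(sharedDir, "update.bin");
        byte[] good = "constructed update payload".getBytes(StandardCharsets.UTF_8);
        Files.write(update.toPath(), good);
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(good);
        System.out.println("staged: " + stageAndVerify(update, privateDir, expected).getName());

        // Simulate another app with storage access rewriting the file before use.
        Files.write(update.toPath(), "tampered".getBytes(StandardCharsets.UTF_8));
        try {
            stageAndVerify(update, privateDir, expected);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Hashing the file where it sits on shared storage and then reopening it would leave a window in which another app could replace it, which is why the check runs on the staged copy.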

After the problem was found, the company contacted Google, which has since fixed the vulnerability in its own software. However, Check Point could only test a limited number of apps, so many more are potentially still open to that exploit. Users are advised to double-check the credibility of the apps they are installing.

source: Check Point via Engadget

5 Comments

1. cmdacos

Posts: 3872; Member since: Nov 01, 2016

Wake me when someone is actually affected by this...

4. Finalflash

Posts: 4062; Member since: Jul 23, 2013

Only a matter of time buddy. Someone will disable security, install an app from a third party source, give it the proper permissions, add milk, eggs, bake the phone and then be hacked and lose all their nudes iCloud style. This is why iPA is the top tech publication, always on top of things.

5. cmdacos

Posts: 3872; Member since: Nov 01, 2016

You forgot the /s after all of your comments...

2. AfterShock

Posts: 4146; Member since: Nov 02, 2012

So, you need to install malware to be affected by further malware. Security researchers find your phone can be compromised if you install malware, don't install malware I guess.

3. worldpeace

Posts: 3099; Member since: Apr 15, 2016

Why would apps use external storage for system files? Will those apps stop working if I remove the external storage?
