Check Point Research has found a design flaw in Android's sandbox that allows external storage to be used as an avenue for attack.
These attacks could lead to undesirable results, such as the silent installation of potentially malicious apps on the user's phone. They could be used for denial of service against legitimate applications. They could even crash applications, opening the door to a possible code injection that would then run in the privileged context of the attacked application.
These "man-in-the-disk" attacks are made possible by applications that deal carelessly with shared storage, which lies outside the sandbox.
Within the Android operating system, there are two types of storage: internal storage, which each application uses separately and which is isolated by the Android sandbox; and external storage, often an SD card or a logical partition within the device's storage, which is shared by all applications.
External storage is used primarily to share files between applications. For example, for a messaging app to send a photo from one person to another, the application must have access to the media files held in external storage.
There are other reasons why an app developer would choose external storage rather than the sandboxed internal storage. They range from a lack of sufficient internal storage capacity, backward compatibility considerations with older devices, or the desire for the app not to appear to consume too much space, to mere laziness on the developer's part.
Whatever the reason, certain precautions are required when using external storage. Google's Android documentation advises application developers on how to use external storage in their apps. These guidelines include performing validation checks, saving only non-executable files to external storage, and ensuring files are signed and cryptographically verified before loading.
"However, we have seen some examples where Google and other Android vendors do not follow these guidelines," said Check Point. "And here's the man-in-the-disk attack surface, which provides a way to attack any app that improperly stores data in external storage."
Such attacks target apps that download, update or receive data from a server, where that data passes through external storage before it reaches the app itself.
Attackers can get at and interfere with data held in external storage. Using an innocent-looking app the user has downloaded, the attacker can monitor data transferred between another app and external storage and overwrite it with other data.
After downloading the attacker's "innocent-looking" app, the user is asked to give it permission to access external storage. This is a completely normal request for an app to make. The attacker's malicious code would then begin to monitor external storage and all data stored there.
In this way, the attacker has a "man-in-the-disk" looking for ways to intercept the traffic and information required by the user's other existing apps, in order to manipulate or crash them.
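One way to apply the "cryptographically checked before loading" guideline against the overwrite described above, as an added example that is not code from Check Point or from any of the apps named. It assumes the expected SHA-256 digest reaches the app over a trusted channel, and it uses temporary directories as constructed stand-ins for external storage and the app's private directory (on Android, the latter would be the directory returned by `Context.getFilesDir()`).

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.util.Arrays;

public class StagedFileCheck {
    /**
     * Copies a file staged in shared storage into the app-private directory,
     * hashing the bytes as they are copied, and keeps the private copy only if
     * the digest matches. Hashing the shared file first and reading it again
     * later would leave a window for another app to swap the content.
     */
    static Path importVerified(Path shared, Path privateDir, byte[] expectedSha256)
            throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        Path tmp = Files.createTempFile(privateDir, "incoming", ".tmp");
        try (InputStream in = new DigestInputStream(Files.newInputStream(shared), md)) {
            Files.copy(in, tmp, StandardCopyOption.REPLACE_EXISTING);
        }
        // The digest covers exactly the bytes now held in the private copy.
        if (!MessageDigest.isEqual(md.digest(), expectedSha256)) {
            Files.delete(tmp);
            throw new SecurityException("staged file failed integrity check");
        }
        return tmp; // callers load this copy, never the shared path
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data; the file name and content are hypothetical.
        Path external = Files.createTempDirectory("external");
        Path internal = Files.createTempDirectory("internal");
        byte[] genuine = "model-data-v1".getBytes(StandardCharsets.UTF_8);
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(genuine);
        Path staged = external.resolve("update.bin");

        Files.write(staged, genuine);
        Path trusted = importVerified(staged, internal, expected);
        // Another app overwrites the shared file after the import.
        Files.write(staged, "tampered".getBytes(StandardCharsets.UTF_8));
        System.out.println("private copy intact: "
                + Arrays.equals(Files.readAllBytes(trusted), genuine));
        try {
            importVerified(staged, internal, expected);
        } catch (SecurityException e) {
            System.out.println("tampered file rejected: " + e.getMessage());
        }
    }
}
```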
The results of the attacks can vary depending on the wishes and expertise of the attacker. Check Point demonstrated the ability to silently install an unwanted application without the user's permission. It could also crash an app and inject code to take over the permissions granted to the attacked application. Then it could escalate privileges and gain access to other parts of the user's device, such as the camera, the microphone, the contact list, and so on.
Applications tested for this new attack surface included Google Translate, Yandex Translate, Google Voice Typing, LG Application Manager, LG World, Google Text-to-Speech, and Xiaomi Browser.
In the case of Google Translate, Yandex Translate and Google Voice Typing, the developers ignored the guidelines above. Certain files needed by the apps may be compromised by the attack, causing the application to crash. LG Application Manager and LG World disregarded the second guideline above and are therefore vulnerable to attackers who may cause alternative, unsolicited apps to be downloaded.
And finally, Google allowed Text-to-Speech and Xiaomi Browser to Man
"While it's clear these design flaws leave Android users potentially susceptible to cyber threats, it's less clear who is really responsible for repairing them," said Check Point. "Although the developers of Android have developed guidelines for app developers to make sure their apps are secure, they also need to be aware that developers are well aware that they cannot safely create their applications. On the other hand, and knowing this above, are there any more ways that Android offers to protect its operating system and the devices that use it?"