Approximately a billion Android users have been threatened by a new malware infection. The latest security alert comes from Microsoft's team, who discovered a new security flaw that may give hackers complete control of users' smartphones.
Security vulnerabilities in multiple Android apps discovered last week by Microsoft could be exploited to gain access to apps and sensitive information on a mobile device without the user's permission. As it turns out, the security flaw is not caused by the system code itself but instead by developers who improperly use the system, leading to loopholes that can be exploited by malicious actors.
It is important to note that Google has been made aware of this flaw, and it has taken steps to inform the Android app developer community about the issue. The flaw is caused by improper use of Android's content provider system, a mechanism that facilitates the sharing of structured data sets among different applications.
To prevent unauthorized access, data leaks, and path traversal attacks, this system incorporates data isolation, URI permissions, and path validation security measures. Earlier this week, Microsoft Threat Intelligence published a post on its Security Blog stating, “Microsoft discovered a path traversal vulnerability pattern related to multiple popular Android apps.
This vulnerability can be exploited to overwrite files located within the home directory of vulnerable Android applications.” Additionally, the researchers noted that the vulnerability was found in several apps on Google Play with over four billion installations in total. It is possible to bypass these security measures when custom intents, which are messaging objects that facilitate communication between components across multiple Android apps, are implemented incorrectly.
Incorrect implementations include trusting unvalidated filenames and paths, using the 'FileProvider' component incorrectly, and failing to validate paths properly. With Dirty Stream, a malicious application sends manipulated files to another app, and the method depends on a custom intent being used. The receiving application is fooled into trusting the filename or path it is given, and executes or stores the file in a critical location.
A common OS-level function can be transformed into a weaponized tool when it is manipulated between two Android apps and may result in unauthorized code execution, data theft, or another malicious outcome resulting from the manipulation of the data stream.
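The filename-trust mistake described above, next to a hardened form, as an added example that is not code from Microsoft's report or from any of the affected apps. It is plain Java so it runs on a desktop JDK; the class and method names (`SharedFileName`, `unsafeTarget`, `safeTarget`) and the directory and file names are hypothetical, constructed stand-ins for an app's private storage and for the name a sending app reports.

```java
import java.io.File;
import java.io.IOException;

public class SharedFileName {
    // Vulnerable pattern: the name reported by the sending app is joined to
    // the cache directory as-is, so a name containing "../" escapes it.
    static File unsafeTarget(File cacheDir, String displayName) {
        return new File(cacheDir, displayName);
    }

    // Hardened pattern: keep only the last path component, then confirm the
    // canonical result still sits inside the intended directory.
    static File safeTarget(File cacheDir, String displayName) throws IOException {
        String name = new File(displayName).getName();
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IOException("rejected file name: " + displayName);
        }
        File target = new File(cacheDir, name);
        String base = cacheDir.getCanonicalPath() + File.separator;
        if (!target.getCanonicalPath().startsWith(base)) {
            throw new IOException("path escapes cache dir: " + displayName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values standing in for an app's home directory.
        File home = new File(System.getProperty("java.io.tmpdir"), "demo_app_home");
        File cache = new File(home, "cache");
        cache.mkdirs();
        String[] names = { "report.pdf", "../shared_prefs/settings.xml", ".." };
        for (String n : names) {
            System.out.println("name from sender: " + n);
            System.out.println("  unsafe -> " + unsafeTarget(cache, n).getCanonicalPath());
            try {
                System.out.println("  safe   -> " + safeTarget(cache, n).getCanonicalPath());
            } catch (IOException e) {
                System.out.println("  safe   -> " + e.getMessage());
            }
        }
    }
}
```

For the second sample name, the unsafe path resolves outside the cache directory, while the hardened path keeps the file inside it under its last component only.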
The content provider system on Android is designed to secure data exchange between different applications on a smartphone, but that protection breaks down when a developer uses it incorrectly.
Several security measures are used to prevent unauthorized access to an application's data, whether by other apps or by anyone else who may be trying to break into the app. These measures include data isolation, URI permissions, and path validation, among others.
There is one major issue related to the implementation of the system, however, and that is its custom intents component. These messaging objects are what enable apps to communicate with each other in both directions to accomplish their goals. As long as this vulnerability exists, the security measures introduced to prevent data theft can be bypassed, allowing other apps (or hackers who control them) to access sensitive information stored inside a vulnerable app.
Dirty Stream's deviousness comes from how it manipulates the system in order to exploit it.
It has been found that hackers have been able to create custom intents, the messaging objects that enable communication between components across different Android apps, to bypass these security measures.
A malicious app that exploits this loophole can send files to another app using a custom intent, so that harmful code disguised as legitimate files sneaks into the system.
Once a hacker succeeds in fooling a vulnerable app into overwriting critical files within its private storage space, the app can be compromised, and the consequences can be devastating. According to BleepingComputer, Dirty Stream allows bots to hijack apps, execute unauthorized code, and steal data without the user being aware of any of this; it describes the attack as turning a normal OS-level function into an attack tool.
Xiaomi's File Manager application, which has more than a billion installations worldwide, and WPS Office, which has more than 500 million installs, are two apps which have been highlighted within Microsoft's report as being vulnerable to Dirty Stream attacks. Both companies responded to the findings and collaborated with Microsoft to deploy patches to mitigate the risks posed by the vulnerabilities that had been discovered.
Through an article published on the Android Developers website, Microsoft shared its findings with the Android developer community to prevent similar flaws from being introduced in future releases.
Google has recently revised its app security guidelines to underscore prevalent implementation errors within the content provider system, which could potentially facilitate security breaches.
Regarding end users, while their proactive measures may be limited, there are still actionable steps they can take to bolster their security posture. Primarily, users should prioritize maintaining the latest versions of the applications they utilize, as updates often include patches for known vulnerabilities. Furthermore, users must exercise caution when sourcing applications, avoiding downloading APKs from unofficial third-party app repositories and other inadequately vetted sources. By adhering to these precautions, users can significantly reduce their exposure to security risks associated with app usage on the Android platform.