External storage vulnerability in Android might allow hacking


13 Aug 2018

Android apps wrongly using SD Card might lead to hacking

In another discovery which raises concerns about cybersecurity, security firm Check Point has found a flaw that lets hackers take advantage of Android apps that make poor and unprotected use of external storage.

This exploit could allow hackers to install malware, make apps crash, and prevent other legitimate apps from running.

Here's all about the risks, and how you can protect yourself.

Internal v/s External

First, the basics of storage on Android devices

Android apps have two options for storage - a secure, internal storage, and a less secure external SD card-based storage.

While a phone's internal storage is carefully secured, external storage allows data to be shared between apps and doesn't have the same security.

Although this doesn't always translate to a security threat, developers who use external storage incorrectly might give hackers a way in.


How attackers can leverage the external storage vulnerability

Researchers from Check Point found that some Android apps were unnecessarily relying on unprotected external storage, and didn't even bother to verify the data that came in from SD cards.

This allows attackers to get users to install seemingly innocuous apps that ask for permission to use external storage (a request widely regarded as not suspicious).

Once the permission is granted, hackers can exploit it.


Details about the 'man-in-the-disk' attack

Check Point dubbed such potential attacks "man-in-the-disk" attacks.

In such an attack, malicious apps with permission to use external storage can monitor and, if required, overwrite data passing between a device's external storage and other apps.

Notably, Check Point also found that Google Translate, Google Voice Typing, and Xiaomi Browser, among other less notable apps, didn't verify the integrity of data from external storage.
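The integrity check these apps were missing, as an added example (not code from Check Point or from any of the apps named above). It is plain JDK Java so it runs off-device; the class, method and file names, and the temp directory standing in for external storage, are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

public class ExternalFileCheck {
    // Read the file ONCE into private memory, then verify and use that same copy.
    // Hashing the file on disk and re-opening it later would leave a window in
    // which another app with storage permission could swap the contents.
    static byte[] loadVerified(Path shared, byte[] expectedSha256, int maxBytes)
            throws IOException, GeneralSecurityException {
        byte[] data;
        try (InputStream in = Files.newInputStream(shared)) {
            data = in.readNBytes(maxBytes + 1); // bounded read: never trust the size
        }
        if (data.length > maxBytes) {
            throw new SecurityException("file larger than expected");
        }
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(data);
        if (!MessageDigest.isEqual(actual, expectedSha256)) {
            throw new SecurityException("integrity check failed for " + shared.getFileName());
        }
        return data; // caller parses these bytes, never the shared file again
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temp directory stands in for external storage.
        Path dir = Files.createTempDirectory("fake-sdcard");
        Path file = dir.resolve("langpack.bin");
        byte[] original = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Files.write(file, original);
        // Assumption: the expected digest reaches the app over a trusted path
        // (bundled in the APK or fetched over TLS), not from external storage.
        byte[] pinned = MessageDigest.getInstance("SHA-256").digest(original);

        System.out.println("untouched file accepted: "
                + (loadVerified(file, pinned, 1 << 20).length == original.length));

        // Another app holding storage permission overwrites the shared file.
        Files.write(file, "overwritten by another app".getBytes(StandardCharsets.UTF_8));
        try {
            loadVerified(file, pinned, 1 << 20);
            System.out.println("modified file accepted (unexpected)");
        } catch (SecurityException e) {
            System.out.println("modified file rejected: " + e.getMessage());
        }
    }
}
```

The check only helps if the app then works from the returned bytes (or a copy in internal storage) and the expected digest itself never comes from external storage.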


How you can protect yourself from potential attacks

Check Point had notified Google and Xiaomi of its findings pertaining to their apps' misuse of external storage.

While Google released a fix shortly afterward, Xiaomi hasn't responded yet.

Meanwhile, what you can do to avoid falling prey to such attacks is to avoid downloading strange, unverified apps from Google Play Store.

Beyond that, there's not much to be done.
