Want to share with your friends too?

Science
13 Aug 2018

Android apps wrongly using SD Card might lead to hacking

External storage vulnerability in Android might allow hacking

In another discovery which raises concerns about cybersecurity, security firm Check Point has found a flaw that lets hackers take advantage of Android apps that make poor and unprotected use of external storage.

This exploit could allow hackers to install malware, make apps crash, and prevent other legitimate apps from running.

Here's all about the risks, and how you can protect yourself.

In context

External storage vulnerability in Android might allow hacking
First, the basics of storage on Android devices

Internal v/s External

First, the basics of storage on Android devices

Android apps have two options for storage - a secure, internal storage, and a less secure external SD card-based storage.

While a phone's internal storage is carefully secured, external storage allows data to be shared between apps and doesn't have the same security.

Albeit this doesn't always translate to a security threat, developers who use external storage wrongly might give hackers a way in.

Attack

How attackers can leverage the external storage vulnerability

Researchers from Check Point found that some Android apps were unnecessarily relying on unprotected external storage, and didn't even bother to verify the data that came in from SD cards.

This allows attackers to get users to install seemingly innocuous apps, and get permission to use external storage (which is widely regarded as not suspicious).

Once the permission is granted, hackers can exploit it.

Love Tech news?

Stay updated with the latest happenings.

Notify Me

Details about the 'man-in-the-disk' attack

Details

Details about the 'man-in-the-disk' attack

Check Point dubbed such potential attacks "man-in-the-disk" attacks.

Using it, malicious apps with the permission to use external storage can monitor, and if required, overwrite data between a device's external storage and other apps.

Notably, Check Point also found that Google Translate, Google Voice Typing, and Xiaomi Browser, among other un-notable apps, also didn't verify the integrity of data from external storage.

Protection

How you can protect yourself from potential attacks

Check Point had notified Google and Xiaomi of its findings pertaining to their apps' misuse of external storage.

While Google released a fix shortly, Xiaomi hasn't responded yet.

Meanwhile, what you can do to avoid falling prey to such attacks is to avoid downloading strange, unverified apps from Google Play Store.

Beyond that, there's not much to be done.

Ask NewsBytes
User Image

Next Timeline