A new security flaw in Android allows hackers to take control of apps

A new security flaw in Android allows hackers to take control of apps

Another day, another new Android malware has appeared, with Microsoft sounding the alarm about the recently discovered "Dirty Stream" critical security vulnerability in Android To make matters worse, the flaw affects multiple apps with hundreds of millions of installations If you have the best Android phone, here's what you need to know to protect your data

The vulnerability concerns the ContentProvider system, which is prevalent in many popular Android apps and manages access to structured data sets intended to be shared between different applications ContentProvider is basically, Android applications to talk to each other and share files To protect users and prevent unauthorized access, the system includes safeguards such as strict separation of data, unique permissions attached to specific URIs (Uniform Resource Identifiers), and path verification security

What makes the Dirty Stream vulnerability so malicious is how this system can be manipulated Microsoft discovered that hackers can bypass these security measures by creating "custom intents," which are messaging objects that facilitate communication between components throughout an Android app By exploiting this loophole, a malicious app can use custom intents to send files with manipulated file names and paths to another app, sneaking in harmful code under the guise of legitimate files

From there, a hacker can trick a vulnerable app into overwriting critical files in its private storage space; as BleepingComputer puts it, dirty streams are essentially a common OS-level feature that allows users to turns them into weaponized tools for executing malicious code without the user's knowledge, stealing data, and even hijacking apps [By executing arbitrary code, the threat actor has complete control over the application's behavior On the other hand, once the token is stolen, the threat actor gains access to the user's account and sensitive data"

According to Microsoft's research, this vulnerability is not an isolated problem The company discovered a rogue implementation of the content provider system that is prevalent in many popular Android apps

"We identified several vulnerable applications in the Google Play store, representing over 4 billion installations," Microsoft explained We anticipate that this pattern of vulnerabilities may be discovered in other applications as well"

Microsoft cites two examples of popular applications that were susceptible to this risk and subsequently patched: Xiaomi Inc's File Manager (1B+ installs) and WPS Office (500M+ installs)

Due to the nature of how this vulnerability works, it is difficult to know exactly how many other legitimate apps were affected However, until all apps are patched, it is safe to assume that this potential risk is industrial scale

To prevent potentially harmful malware from infecting your Android device, the first and easiest step is to avoid sideloading apps altogether While it may seem convenient, and certain apps may require side-loading, most people can find what they need in official app stores such as the Google Play Store, Samsung Galaxy Store, and Amazon Appstore

The reason you don't want to sideload apps is that they don't go through the same stringent security checks as apps hosted on official stores Therefore, it is important to rely on trusted sources to download apps in order to protect your device from malware

Next, you need to make sure that Google Play Protect is enabled on your Android smartphone The Play Store, which is preinstalled on most phones, will scan both existing and newly downloaded apps for viruses Likewise, you can also install one of the best Android antivirus apps for additional protection and additional features to keep you safer online

Categories