Apps that make sloppy use of SD cards leave your phone vulnerable to hackers

Android apps that make careless use of external storage (such as SD cards) could leave your phone vulnerable to hackers.

Your phone's internal storage is carefully managed – each app uses it separately, and it's protected by the Android sandbox. External storage, like SD cards, is different. It allows data to be shared between apps and doesn't have the same protection.

Researchers from Check Point Security discovered that apps that use external storage without proper security precautions leave devices vulnerable to 'Man-in-the-Disk' attacks. These could allow a hacker to install malware, prevent legitimate apps from running, and even make apps crash.

External affairs

A developer might use external storage to make it look as though their app uses less space than it actually does, to make it compatible with older devices, or to provide extra space when the phone's internal storage isn't enough.

Google provides some basic guidelines for developers who decide to do this:

  • Perform input validation when handling data from external storage
  • Do not store executables or class files on external storage
  • External storage files should be signed and cryptographically verified prior to dynamic loading

However, Check Point found several apps in the Google Play Store that ignored these rules, including two of Google's own tools: Google Translate and Google Voice Typing. Neither of these apps validated the integrity of data from external storage, and the researchers were able to exploit that vulnerability to make them crash.

They also discovered that Xiaomi Browser used external storage to store app updates. By replacing the update code, they were able to cause a different app to be installed without permission. Check Point contacted Google, which released a fix shortly after, but Xiaomi chose not to act.
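One way to follow the third guideline above, as an added example (not code from Check Point, Google or any app named here): plain-JDK Java that copies a file from shared storage into private storage and checks a detached signature over the same bytes in one pass, so a file swapped after the check is never the one that gets used. `VerifiedImport`, `importVerified`, the size cap, the SHA256withRSA scheme and the throwaway demo key are assumptions for illustration; temp files stand in for the SD card and app-private storage.

```java
import java.io.*;
import java.nio.file.Files;
import java.security.*;

public final class VerifiedImport {
    // Stage an untrusted shared-storage file privately, verifying it in the same pass.
    static File importVerified(File external, byte[] sig, PublicKey pinnedKey,
            File privateDir, long maxBytes) throws IOException, GeneralSecurityException {
        File staged = File.createTempFile("staged-", ".bin", privateDir);
        try (InputStream in = new FileInputStream(external);
             OutputStream out = new FileOutputStream(staged)) {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(pinnedKey);
            byte[] buf = new byte[8192];
            long total = 0;
            // Single pass: the bytes verified are exactly the bytes written to `staged`.
            for (int n; (n = in.read(buf)) != -1; ) {
                if ((total += n) > maxBytes) throw new IOException("size limit exceeded");
                verifier.update(buf, 0, n);
                out.write(buf, 0, n);
            }
            if (!verifier.verify(sig)) throw new SignatureException("signature mismatch");
            return staged; // callers open only this path, never `external`
        } catch (IOException | GeneralSecurityException e) {
            staged.delete(); // never leave unverified data behind
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); // constructed demo key
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] payload = "constructed update payload".getBytes();
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(payload);
        byte[] sig = signer.sign();
        File priv = Files.createTempDirectory("private").toFile();
        File ext = File.createTempFile("update-", ".bin");
        Files.write(ext.toPath(), payload);
        System.out.println("genuine: " + importVerified(ext, sig, kp.getPublic(), priv, 1 << 20));
        Files.write(ext.toPath(), "tampered".getBytes());
        try {
            importVerified(ext, sig, kp.getPublic(), priv, 1 << 20);
        } catch (SignatureException e) {
            System.out.println("tampered: " + e.getMessage());
        }
    }
}
```

In an Android app, `privateDir` would be a directory inside the app's internal storage, such as the one returned by `Context.getFilesDir()`, and the public key would ship inside the APK rather than being generated at run time.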

"From experience then, it would seem that mere guidelines are not enough for OS vendors to exonerate themselves of all responsibility for what is designed by app developers," Check Point said. "Instead, securing the underlying OS is the only long-term solution to protecting against this new attack surface uncovered by our research."

Via Wired



from TechRadar - All the latest technology news https://ift.tt/2vYXb8q