Many Android Devices At Risk of Man-in-the-disk Attack !

Many Android Devices At Risk of Man-in-the-disk Attack !

Security researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps or launch denial of service attacks.

At Defcon 2018, we have so far witnessed many innovative forms of compromising devices including electoral voting machines. However, this latest revelation “Man-in-the-disk Attack” is quite surprising and to a great extent concerning for Android users.

According to researchers at CheckPoint security firm, the new attack method dubbed as Man-in-the-disk can exploit storage protocols of third-party apps to crash the mobile phone. It is indeed a novel technique because so far storage systems have been overlooked by security researchers and developers. This leaves the devices at risk of Man-in-the-disk attack. There will be drastic consequences of this attack, researchers claim.

After the app is installed, the attacker can easily monitor whatever is written to the external storage. If an attacker wants, he can modify or even remove/replace data with something else.

Google itself offers guidelines to Android application developers urging them to use internal storage, which is an isolated space allocated to each application protected using Android's built-in sandbox, to store their sensitive files or data.

For your information, there are two types of storage systems in an Android phone, internal and external. Internal storage is protected via a dedicated sandbox. Conversely, the external storage mechanism utilizes a removable SC or microSD card. It is the external storage that is shared across the OS since it allows data transfer between apps. Whatever you send or receive through an app, will be stored in the external storage.

"While the buffer overflow vulnerabilities were generated by careless developers everywhere, it wasn’t until OS and CPU makers took a stand against this, introducing DEP and ASLR protections, that the problem was averted. In the heart of this was the realization that developers cannot always be trusted to follow security guidelines, explained CheckPoint."

The problem is that there aren’t any built-in protections against sharing compromised or infected data. Google has provided developer guidelines in this regard to ensure best security practices. Such as it developers much not allow critical data files and executable files to be stored in the external storage. Moreover, external storage files must be cryptographically signed and verified before dynamic loading.

These guidelines are often ignored by developers; probably they aren’t fully aware of the probable security risks associated with it. CheckPoint researchers identified that about half of the Android apps available on Google Play did not comply with Google’s developer guidelines. In fact, even Google’s own developers didn’t follow them because researchers identified non-compliance issues in Google’s apps too. These include Google Translate, Google Text-to-Speech, and Google Voice Typing.  Other apps examined by researchers were Yandex Translate and Xiaomi Browser.