Android Man in the Disk Vulnerability
August 2018 by Check Point
Check Point researchers have found a flaw in the design of Android’s Sandbox, which is a secure data storage area on Android devices that prevents malicious apps from affecting other apps or even harming the OS itself.
Some applications do not store data in the Android Sandbox, but instead store it in external storage (either a partition in the device’s storage or an external SD card). This potentially enables attacks such as silent installation of unrequested, potentially malicious apps on the user’s phone, denial of service for legitimate apps, and even application crashes that open the door to code injection, which could then run in the privileged context of the attacked application.
Applications vulnerable to this attack include Google Translate, Yandex Translate, Google Voice Typing, LG Application Manager, LG World, Google Text-to-Speech and Xiaomi Browser.
The vulnerability works like this:
1) An Android device’s External Storage is a public area which can be observed or modified by a third party (malicious) application.
2) Android does not provide built-in protections for the data held in the External Storage. It only offers developers guidelines on proper use of this resource.
3) Developers are not always versed in the need for security and the potential risks, nor do they always follow the guidelines.
4) Many pre-installed and popularly used apps ignore the Android guidelines and hold sensitive data in the unprotected External Storage.
5) This can lead to a Man-in-the-Disk attack which can result in the manipulation and/or abuse of unprotected sensitive data.
6) Modification of the data can lead to unwelcome results on the user’s device.
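One defensive check against the sequence above, as an added example that is not taken from Check Point's write-up or from any of the listed apps: copy the file out of External Storage into app-private storage, then verify the private copy against a SHA-256 digest before using it. The class name, the file names and the source of the expected digest are assumptions, and plain Java temp directories stand in for the Android storage locations.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class ExternalFileGuard { // hypothetical helper class
    // Copies a file from shared storage into a private directory and returns the copy
    // only if its SHA-256 digest matches. Hashing the private copy, not the original,
    // means another app cannot swap the file between the check and the use.
    static Path importVerified(Path external, Path privateDir, byte[] expectedSha256)
            throws IOException, NoSuchAlgorithmException {
        Path local = Files.createTempFile(privateDir, "import-", ".tmp");
        try {
            Files.copy(external, local, StandardCopyOption.REPLACE_EXISTING);
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            try (InputStream in = Files.newInputStream(local)) {
                byte[] buf = new byte[8192];
                for (int n; (n = in.read(buf)) != -1; ) md.update(buf, 0, n);
            }
            // MessageDigest.isEqual compares the digests in constant time.
            if (!MessageDigest.isEqual(md.digest(), expectedSha256)) {
                throw new SecurityException("digest mismatch for " + external.getFileName());
            }
            return local;
        } catch (IOException | RuntimeException | NoSuchAlgorithmException e) {
            Files.deleteIfExists(local); // never leave an unverified copy behind
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for the app's private directory and for External Storage.
        Path privateDir = Files.createTempDirectory("app-private");
        Path update = Files.createTempDirectory("shared-storage").resolve("update.bin");
        byte[] payload = "trusted payload".getBytes(StandardCharsets.UTF_8);
        Files.write(update, payload);
        // Assumption: the expected digest arrives over a trusted channel or is kept in
        // private storage, never alongside the file in External Storage.
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(payload);
        System.out.println("accepted: " + importVerified(update, privateDir, expected));
        // Simulate a change to the shared file after the digest was recorded.
        Files.write(update, "tampered payload".getBytes(StandardCharsets.UTF_8));
        try {
            importVerified(update, privateDir, expected);
        } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```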