Wednesday, February 19, 2025
HomeAndroidMan-in-the-Disk Attack Shows How External Storage by App Opens An Android Phone...

Man-in-the-Disk Attack Shows How External Storage by App Opens An Android Phone To Serious Attacks

Published on

SIEM as a Service

Follow Us on Google News

The Man-in-the-Disk Attack open’s a new attack surface that would allow an attacker to replace, or to manipulate the data that stored on the External Storage.

These attacks are possible when app use External Storage without performing proper validations. Man-in-the-Disk allows an attacker to perform a silent installation of malicious apps to the user’s phone, DoS attack over legitimate apps, code injection and it also cause applications to crash.

Check Point security Slava Makkaveev presented the DefCon security conference Sunday. “We have witnessed cases where an app was downloaded, updated or received data from the app provider’s server, which passed through the External Storage before being sent on to the app itself allows attackers to manipulate the data held in the External Storage before the app reads it again.”

Storage Types

With the Android OS, there are of two types of storage resources the Internal and the External storage.

Internal Storage

The internal storage by default stores the internal app data which is properly organized and segregated the file system for each app and once the user uninstalls the apps the data will be removed.

External storage

The external space mostly the SD cards, it doesn’t have Android built-in Sandbox protection and the resource is shared across all the applications. The Android application developers documentation provides guidelines on how the external storage for apps to be managed. If the guidelines not followed it leads to Man-in-the-Disk Attack.

Man-in-the-Disk Attack Flow

Attackers convince the user to install a legitimate app that contains attackers script which in turn asks user permission for external storage, once the user granted permission the attacker monitor the data transfer between the user device and external storage.

By having the access to the data transfer attackers can overwrite the data, intercept traffic and even cause the application to crash. Attackers can even inject the code’s to escalate the privileges to access the camera, microphone, contacts, Gallery and other parts.

Man-in-the-Disk

Slava Makkaveev tested the new attack surface with following applications Google Translate, Yandex Translate, Google Voice Typing, Google Text-to-Speech, Xiaomi Browser and other applications.

With the apps, Google Translate, Yandex Translate, and Google Voice Typing researchers failed to the valid integrity of the data that leads to application crash.

In the Xiaomi Browser app, the attack result’s in installing an alternative application instead of the legitimate update.

While it is clear that these design shortcomings leave Android users potentially vulnerable to cyber threats, app developers should follow the Android’s developers guidelines and to build the app by having security in mind says Slava Makkaveev.

Checkpoint published a blog post with Technical details on how Android Apps Exposed via External Storage.

Also Read

Most Important Android Application Penetration Testing Checklist

Mobile Security Testing to Protect Your Applications From Cyber Threats

Most Important Android Security Penetration Testing Tools for Hackers & Security Professionals

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CISA Warns of Active Exploitation of SonicWall SonicOS RCE Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding...

CISA Issues Warning on Palo Alto PAN-OS Security Flaw Under Attack

CISA and Palo Alto Networks are scrambling to contain widespread exploitation of a critical...

Surge in IRS and Tax-Themed Cyber Attacks Driven by Fresh Domain Registrations

The months of January through April, marking the U.S. tax season, have seen a...

Critical Flaw in Apache Ignite (CVE-2024-52577) Allows Attackers to Execute Code Remotely

A severe security vulnerability (CVE-2024-52577) in Apache Ignite, the open-source distributed database and computing...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Android’s New Security Feature Prevents Sensitive Setting Changes During Calls

Phone scams are becoming more sophisticated with advancements in AI-driven speech tools, making it...

RedNote App Security Flaw Exposes User Files on iOS and Android Devices

Serious security vulnerabilities have been uncovered in the popular social media and content-sharing app,...

BADBOX Botnet Surges: Over 190,000 Android Devices Infected, Including LED TVs

The BADBOX botnet, a sophisticated malware operation targeting Android-based devices, has now infected over...