Cybersecurity is a key part of how we experience technology nowadays. We are so concerned about our privacy and about taking the necessary steps to keep us and our information safe that oftentimes we forget that it is not necessarily up to us. Our phones are our lifeline and connection to the world, but now, according to Microsoft, they might also be the reason why others have access to us. They discovered a vulnerability known as “Dirty Stream” allows harmful apps to take control of trusted ones especially in high end Android phones.
Of course, at the time of writing this article, the flaw has been patched and there is no more risk to your personal data, but whatever was accessed before the patch was installed is at the hands of whoever broke the code. Having said that, and even if you were not affected, it is important that you keep reading as you never know when information might come in handy.
The Android App hijack
Many popular Android Apps use a ContentProvider system which manages information and ensures that it can be shared safely across the different Apps on your phone. Because of the amount of personal information this ContentProvider has access to, it is full of safeguards such as strict isolation of data, unique permissions attached to specific URIs (Uniform Resource Identifiers), and path validation security.
While this should have been enough to keep your data safe, Dirty Stream manipulated the system and created “custom intents” to bypass these security measures. This means that it took advantage of Android’s internal messaging system to allow a malicious app to send a file with a deceptive name or path to another App, disguising harmful code as something harmless.
Once received, the targeted App may unknowingly overwrite essential files in its secure storage, opening the door to serious consequences. As explained by BleepingComputer, the vulnerability turns a basic Android function into a method for running unauthorized commands, stealing private data, or even taking full control of the App without the user knowing.
In a security bulletin this week Microsoft explained “Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.”
This was not an isolated issue, many popular Android Apps had this code slipped into them, as Microsoft continued “We identified several vulnerable applications in the Google Play Store that represented over four billion installations. We anticipate that the vulnerability pattern could be found in other applications.”
It is difficult to put number on the Apps that have been affected, but it is safe to assume that almost all popular Apps were infiltrated before the bug was discovered. That is why it is extremely important to be vigilant and avoid installing unnecessary Apps on your device. The more Apps you have, the more they communicate and the more chances there are for your data to be compromised.
Additionally, installing new security updates and patches as soon as they become available is a good way to protect your privacy, as older Apps with no protection are more likely to be targeted as vulnerable and thus compromise the entirety of your storage. Same for phone security updates. While having the latest model always is unnecessary, once your phone stops receiving security updates it is time to upgrade it, as these updates are what keep firewalls up to date with the latest codes to block attacks. It is also a good idea to ensure that Google Play Protect is turned on, as it actively scans both installed apps and new downloads for potential threats.