Microsoft has revealed a new cybercriminal technique, “Dirty Stream,” which could allow a malicious Android app to overwrite files in another application’s home directory, leading to arbitrary code execution and data theft.
According to the report, the issue stems from improper use of Android’s content provider system, which controls access to structured data sets that multiple applications need to share. This system is central to Android apps because it relies on security features such as data isolation, URI permissions, and path validation to prevent unauthorised access, data leaks, and path traversal attacks.
Custom intents, the message objects that carry communication between components across Android apps, can bypass these security mechanisms if developers do not implement them carefully.
These incorrect implementations include relying on unvalidated filenames and paths in intents, misusing the ‘FileProvider’ component, and failing to validate paths properly.
The Dirty Stream technique exploits these incorrect practices to deliver a malicious file.
A malicious app uses Dirty Stream to send a file with a manipulated filename or path to another app via a custom intent. The target app trusts the supplied filename or location and writes the file into a sensitive directory, where it may later be executed.
Tampering with the data exchanged between two Android apps turns an ordinary OS-level function into a malicious tool that can lead to unauthorised code execution, data theft, or other illicit activity.
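The following is an added Java illustration, not code from Microsoft’s report or from any affected app, of the receiving-side pattern described above: a file-save routine that trusts the display name reported by the sending app’s content provider, beside a hardened version that validates the name and the resulting path before writing. Class and method names are hypothetical, and it assumes an Android API level that provides java.nio.file (26 or later).

```java
import android.content.Context;
import android.database.Cursor;
import android.net.Uri;
import android.provider.OpenableColumns;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;

// Hypothetical handler for a file shared into this app through a content URI.
public final class IncomingFileHandler {
    // The display name is returned by the sending app's content provider, so it is
    // fully under that app's control; a malicious provider can return any string.
    private static String queryDisplayName(Context ctx, Uri uri) {
        String[] proj = {OpenableColumns.DISPLAY_NAME};
        try (Cursor c = ctx.getContentResolver().query(uri, proj, null, null, null)) {
            return (c != null && c.moveToFirst()) ? c.getString(0) : null;
        }
    }
    // VULNERABLE: the untrusted name is used directly as a path component under the
    // app's private files directory, so a name containing separators or ".." places
    // the write outside the intended location (the pattern behind Dirty Stream).
    public static File saveUnsafely(Context ctx, Uri uri) throws IOException {
        File dest = new File(ctx.getFilesDir(), queryDisplayName(ctx, uri));
        try (InputStream in = ctx.getContentResolver().openInputStream(uri)) {
            Files.copy(in, dest.toPath(), StandardCopyOption.REPLACE_EXISTING);
        }
        return dest;
    }
    // HARDENED: reject names that could act as path components, then confirm the
    // canonical destination still lies inside the intended directory before writing.
    public static File saveSafely(Context ctx, Uri uri) throws IOException {
        String name = queryDisplayName(ctx, uri);
        if (name == null || name.isEmpty() || name.contains("/") || name.contains("\\")
                || name.equals(".") || name.equals("..")) {
            throw new IOException("rejected untrusted filename");
        }
        File dir = ctx.getFilesDir();
        File dest = new File(dir, name);
        if (!dest.getCanonicalPath().startsWith(dir.getCanonicalPath() + File.separator)) {
            throw new IOException("destination escaped the files directory");
        }
        try (InputStream in = ctx.getContentResolver().openInputStream(uri)) {
            if (in == null) throw new IOException("provider returned no stream");
            Files.copy(in, dest.toPath(), StandardCopyOption.REPLACE_EXISTING);
        }
        return dest;
    }
}
```

Generating the on-disk name locally instead of reusing the provider’s display name removes the untrusted path component entirely and is the simpler option where the original name is not needed.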
Unfortunately, these improper implementations are common, affecting over four billion programs. Microsoft also said it had identified several vulnerable applications in the Google Play Store that together accounted for over four billion installations.
Microsoft expects the same vulnerability pattern to exist in other applications, which is why it has shared this research: so that developers and publishers can check their apps for similar issues, fix them where appropriate, and avoid introducing such vulnerabilities into new applications.
Microsoft’s findings have also been shared with the Android developer community through an article on the Android Developers website, to help prevent similar vulnerabilities in future development.
Google also revised its app security guidelines to highlight typical implementation flaws in the content provider architecture that enable security bypasses.