Microsoft Warns Billions Of Android Users At Risk For Dirty Stream Attacks
On May 1st, Microsoft published a security blog post regarding what it calls the “Dirty Stream attack.” This attack hinges on the part of an application that enables file sharing between installed apps, which a malicious app can implement itself instead of using the standard FileProvider class in the Android software development kit. Further, a receiving app often does not “validate the content of the file that it receives” and uses “the filename provided by the serving application to cache the received file within the consuming application’s internal data directory.”
In one example, this concept could be used to leak secrets or upload files where they shouldn’t be. Share targets are Android apps that are self-declared to “handle data and files sent by other apps,” and with Dirty Stream, a malicious app could “send a file directly to a share target with a malicious filename and without the user’s knowledge or approval.” In other examples, a malicious application could get access to SMB or FTP shares by retrieving plaintext credentials stored on a device.
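What checking the sender-supplied filename looks like on the receiving side, as an added example that is not from Microsoft's post or from any app named here: plain Java file handling stands in for an Android share target, and the class name, method names, cache path and sample filenames are all constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

public class ShareTargetCache {
    // Vulnerable pattern: the sender-supplied name is joined to the cache
    // directory unchanged, so the sender decides where the file lands.
    static File unsafeTarget(File cacheDir, String suppliedName) {
        return new File(cacheDir, suppliedName);
    }

    // Hardened: keep only the final path component, then confirm that the
    // canonical result is a direct child of the cache directory.
    static File safeTarget(File cacheDir, String suppliedName) throws IOException {
        if (suppliedName == null) {
            throw new IOException("no filename supplied");
        }
        String base = new File(suppliedName.replace('\\', '/')).getName();
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            throw new IOException("rejected filename");
        }
        File target = new File(cacheDir, base).getCanonicalFile();
        if (!cacheDir.getCanonicalFile().equals(target.getParentFile())) {
            throw new IOException("resolves outside the cache directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Stand-in for the app's internal cache directory (hypothetical path).
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "share_cache");
        if (!cacheDir.isDirectory() && !cacheDir.mkdirs()) {
            throw new IOException("cannot create " + cacheDir);
        }
        // Constructed sample names, as a sending app might report them.
        String[] names = {"report.pdf", "../outside.txt", "..", ""};
        for (String name : names) {
            System.out.println("supplied: \"" + name + "\"");
            System.out.println("  unsafe -> " + unsafeTarget(cacheDir, name).getCanonicalPath());
            try {
                System.out.println("  safe   -> " + safeTarget(cacheDir, name));
            } catch (IOException e) {
                System.out.println("  safe   -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

A receiving app can also avoid the question altogether by ignoring the supplied name and generating its own cache filename.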
Beyond just the hypothetical, Microsoft also discovered this vulnerability pattern in several then-current Android apps on the Google Play Store. This included four apps with over 500 million installations each, but the two examples used were Xiaomi Inc’s File Manager, with 1 billion installs, and WPS Office, with 500 million. Thankfully, vendors have worked with Microsoft to fix the issues and have updated their respective apps.
While these companies can go and address the issues at hand, it is up to the consumer to update their phone regularly. Regularly checking not only for system updates but also for app updates can keep you secure and spare you from worrying about what vulnerability may come next.