Microsoft has discovered a new cyberattack known as “Dirty Stream,” which allows malicious Android apps to overwrite files in the root directory of other apps. This issue can lead to arbitrary code execution and theft of users’ private information. The vulnerability is caused by inappropriate use of the Android content management system – content provider – which manages access to structured data dedicated to sharing between various applications. This system is equipped with security measures, such as data isolation, URI permissions and path validation to prevent unauthorized access, cyberattacks and data theft. However, as Microsoft points out, when custom intents (messaging objects that simplify communication between components of different Android apps) are poorly implemented, they become capable of bypassing the aforementioned security measures. This includes cases of accepting invalid filenames and paths and incorrect use of the “FileProvider”. The Dirty Stream vulnerability allows malicious applications to send a file with a manipulated name/path to another application via a custom intent. This prompts the receiving application to execute it or store it in a critical directory. All this turns the operating system component into a cyberattack tool, aimed at executing unauthorized code or stealing data.
As we mentioned at the beginning, these are unfortunately widespread cases and concern applications installed more than four billion times. So far, various vulnerable applications have been identified, such as Xiaomi’s File Manager and WPS Office. The two companies, however, worked with Microsoft to develop patches and fix the vulnerability. Microsoft’s studies were also shared with Android developers through an article on Android developers: the objective is to avoid critical problems in new versions of applications. Google, among others, has updated its app security guidelines to avoid similar inconveniences in the future. As for users, they should update apps to the latest available version and not download APKs from unreliable sources. Therefore, as usual, it is advisable to always keep your eyes open.
