'Dirty Stream', the vulnerability in popular Android apps that allows hackers to execute malicious code

Microsoft has warned of a vulnerability pattern found in several popular Android applications that have more than 4 billion installations on devices, through which cybercriminals can use a malicious application to execute arbitrary code and steal tokens containing login information.

The technology company shared this as part of an investigation carried out by the Microsoft Threat Intelligence team, in which it disclosed the vulnerability, which it refers to as ‘Dirty Stream’.

Specifically, the identified vulnerability allows malicious actors to gain full control over the behavior of the application by executing arbitrary code. Meanwhile, token theft can give cybercriminals access to user accounts and sensitive data.

As explained in a statement on their cybersecurity blog, this vulnerability affects popular Android applications available in the Google Play Store, which currently have more than 4 billion installations on Android devices.

The researchers began sharing their findings about the vulnerability with the developers of the affected applications in February of this year. From that moment, the developers began to release fixes through updates in order to mitigate the flaw.

Now, after identifying that more apps may be affected, Microsoft has highlighted its intention to raise awareness of the issue and provide guidance to help prevent developers from introducing this pattern of vulnerability into their Google Android apps.

One of the affected applications is Xiaomi File Manager. According to Microsoft, the researchers were able to execute arbitrary code and, therefore, control the application, in version V1-210567. However, after learning of the bug, Xiaomi published the updated version V1-210593, in which they have verified that the vulnerability has been solved.

The same has happened with the WPS Office application, where researchers were able to achieve arbitrary code execution in version 16.8.1. The vulnerability was fixed starting with version 17.0.0.

In the case of Xiaomi File Manager, Microsoft has indicated that it has more than 1 billion installations. Likewise, the WPS Office ‘app’ has more than 500 million installations.

Flaw in the Android data and file sharing system

As explained by Microsoft, this vulnerability lies in the data and file exchange system on Android. Typically, applications developed for this operating system have their own isolated data and memory space on the device. However, different applications sometimes need to share information with each other in order to work correctly.

To facilitate the exchange of data and files between applications, Android provides a component called a content provider, which acts as an interface to manage and expose data to the rest of the installed applications.

The company has detailed that, although this system has security measures and is a reliable solution, an incorrect implementation in applications can introduce vulnerabilities that “can allow reading or writing restrictions within the home directory of an app to be circumvented.”

All of this means that malicious actors can bypass existing security measures and execute arbitrary code on the device, allowing them to gain control of the application. Another consequence is the theft of application tokens, which makes it possible to obtain login information and, therefore, access to accounts and confidential data.

In an example of exploiting this vulnerability shared by Microsoft, the vulnerable application could load native libraries from its data directory. In this case, the malicious application can overwrite a native library with malicious code that is executed when the library is loaded.

Avoid introducing this pattern in Android applications

With all this, Microsoft has indicated that they are collaborating with Google to create specific guides for Android application developers to help them “recognize and avoid this pattern.”

Additionally, Microsoft researchers have recommended that developers and security analysts use the Android app security guide provided by Google, as well as the Android Lint tool, included with the Android SDK and integrated with Android Studio, to identify and avoid possible vulnerabilities. They have also pointed to GitHub’s CodeQL service, which likewise provides capabilities to identify vulnerabilities.
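As an illustration of the kind of check that keeps a received file inside the directory meant for it, here is an added example that is not code from Microsoft, Google or any of the affected apps. It uses plain Java (java.nio) rather than Android APIs so it runs on a desktop JVM, and it assumes the receiving app would otherwise build the destination path from a file name reported by the sending app; the class, method and directory names are hypothetical and the sample names are constructed.

```java
import java.io.*;
import java.nio.file.*;

public class IncomingShareDemo {
    // Safest option: ignore the sender-supplied name and let the receiver pick one.
    static Path randomTarget(Path inboxDir) throws IOException {
        return Files.createTempFile(inboxDir, "in-", ".bin");
    }

    // If the name must be kept: reduce it to its last component, then verify
    // that the resolved target is still a direct child of inboxDir.
    static Path safeTarget(Path inboxDir, String untrustedName) throws IOException {
        Path base = inboxDir.toRealPath();                 // resolve symlinks in the base
        String leaf = untrustedName.replace('\\', '/');
        leaf = leaf.substring(leaf.lastIndexOf('/') + 1);  // drop any directory part
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new SecurityException("rejected file name: " + untrustedName);
        }
        Path target = base.resolve(leaf).normalize();
        if (!base.equals(target.getParent())) {            // containment check
            throw new SecurityException("path escapes inbox: " + untrustedName);
        }
        return target;
    }

    static Path store(InputStream in, Path inboxDir, String untrustedName) throws IOException {
        Path target = safeTarget(inboxDir, untrustedName);
        Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout standing in for an app's private data directory.
        Path home = Files.createTempDirectory("apphome");
        Path inbox = Files.createDirectories(home.resolve("cache/inbox"));
        Path lib = Files.createDirectories(home.resolve("lib")).resolve("libdemo.so");
        Files.write(lib, "original".getBytes());
        // Constructed names, as a sending app could report them.
        String[] names = { "report.pdf", "../../lib/libdemo.so", "..", "a/b/notes.txt" };
        for (String name : names) {
            try {
                Path p = store(new ByteArrayInputStream("data".getBytes()), inbox, name);
                System.out.println(name + " -> " + home.toRealPath().relativize(p));
            } catch (SecurityException e) {
                System.out.println(name + " -> " + e.getMessage());
            }
        }
        System.out.println("lib intact: " + new String(Files.readAllBytes(lib)).equals("original"));
    }
}
```

Every accepted name ends up directly under the inbox directory, and the file in the sibling `lib` directory keeps its original content.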

As for users, Microsoft has advised that they keep their applications and devices updated so that they have the versions that include the fixes for this vulnerability.

By Editor
