Android Security Alert: “Dirty Stream” exploit gives malicious apps control over others


Key Points:

  • Microsoft identified a “Dirty Stream” vulnerability in Android that allows malicious apps to obtain resources from other apps.
  • The affected apps have nearly 5 billion downloads, an indication of how many enterprises have their security at risk.
  • Apps like Xiaomi’s File Manager and WPS Office have been identified as potential exploit targets, which poses a threat to Indian startups.

In a security assessment, Microsoft uncovered a critical flaw called “Dirty Stream” within the Android operating system. The flaw is a security issue because hackers can use malicious apps to take control of unsuspecting programs.

The exploit depends on weaknesses in Android’s data-sharing mechanism, which is built on the content provider system. The mechanism was conceived as a safe one, but it becomes a high-risk situation when app developers implement the system improperly.

To take advantage of the vulnerability, criminals abuse a feature called “Custom Intents”, which gives them a chance to change the name or path that is supplied while passing data to other apps. As a result, the targeted app reads completely wrong values and saves files to the wrong locations in its storage space.

These vulnerabilities not only put highly confidential data at risk, but also give malicious applications an opportunity to disrupt the stable operation of the software involved. The impact on users is the main concern: the apps have been downloaded by millions, and popular apps such as Xiaomi’s File Manager and WPS Office are exposed to attack. Any program that uses a poorly implemented content provider system is exposed to this serious problem.