Microsoft Warns Billions Of Android Users At Risk For Dirty Stream Attacks

Earlier this month, Microsoft discovered a vulnerability pattern in Android applications that could enable overwriting files and allow remote code execution. The issue, which attackers could leverage, has also been seen in the wild in several applications, but organizations have seemingly been quick to rectify the problems with Microsoft’s help. In any event, this goes to show that keeping software up to date, even an app on an Android phone, is an essential part of good cybersecurity hygiene.

On May 1st, Microsoft published a security blog post about what it calls the “Dirty Stream attack.” The attack hinges on the part of an application that enables file sharing between installed apps, which can be made malicious and used in place of the standard FileProvider class in the Android software development kit. Further, apps that receive files often do not “validate the content of the file that it receives” and use “the filename provided by the serving application to cache the received file within the consuming application’s internal data directory.”
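The caching pattern quoted above, next to a hardened version, as an added example that is not taken from Microsoft's post or from any affected app. It is plain Java so it runs off-device: the temporary directory stands in for the consuming app's internal data directory, and the class, method and file names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.UUID;

public class ShareTargetCache {
    // Vulnerable pattern: the name chosen by the serving app is used as a path.
    static File cacheUnsafe(File cacheDir, String suppliedName, byte[] data) throws IOException {
        File out = new File(cacheDir, suppliedName); // "../" segments leave cacheDir
        Files.write(out.toPath(), data);
        return out;
    }

    // Hardened: the receiving app picks the name and ignores the supplied one.
    static File cacheSafe(File cacheDir, byte[] data) throws IOException {
        File out = new File(cacheDir, "shared-" + UUID.randomUUID() + ".bin");
        Files.write(out.toPath(), data);
        return out;
    }

    // If the supplied name must be kept, confirm the resolved path stays inside cacheDir.
    static File resolveInside(File cacheDir, String suppliedName) throws IOException {
        File out = new File(cacheDir, suppliedName).getCanonicalFile();
        String root = cacheDir.getCanonicalPath() + File.separator;
        if (!out.getPath().startsWith(root)) {
            throw new SecurityException("filename escapes cache directory: " + suppliedName);
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout standing in for an app's internal data directory.
        File dataDir = Files.createTempDirectory("appdata").toFile();
        File cacheDir = new File(dataDir, "cache");
        File prefs = new File(dataDir, "shared_prefs");
        cacheDir.mkdirs(); prefs.mkdirs();
        File settings = new File(prefs, "settings.xml");
        Files.write(settings.toPath(), "original".getBytes(StandardCharsets.UTF_8));

        String supplied = "../shared_prefs/settings.xml"; // constructed hostile filename
        byte[] payload = "replaced".getBytes(StandardCharsets.UTF_8);
        try { resolveInside(cacheDir, supplied); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        System.out.println("safe copy: " + cacheSafe(cacheDir, payload).getName());
        cacheUnsafe(cacheDir, supplied, payload); // overwrites the file outside cache/
        System.out.println("settings.xml now: " + new String(Files.readAllBytes(settings.toPath()), StandardCharsets.UTF_8));
    }
}
```

On a device the supplied name would arrive from the serving app together with the shared file, so a share target should treat it as untrusted input in the same way.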


In one example, this concept could be used to leak secrets or upload files where they shouldn’t be. Share targets are Android apps that are self-declared to “handle data and files sent by other apps,” and with Dirty Stream, a malicious app could “send a file directly to a share target with a malicious filename and without the user’s knowledge or approval.” In other examples, a malicious application could get access to SMB or FTP shares by retrieving plaintext credentials stored on a device.


Beyond just the hypothetical, Microsoft also discovered this vulnerability pattern in several then-current Android apps on the Google Play Store. This included four apps with over 500 million installations each, but the two examples used were Xiaomi Inc’s File Manager, with 1 billion installs, and WPS Office, with 500 million. Thankfully, vendors have worked with Microsoft to fix the issues and have updated their respective apps.

While these companies can address the issues at hand, it is up to the consumer to keep their phone updated. Regularly checking for app updates as well as system updates can keep you secure and spare you from worrying about what vulnerability may come next.