Everyone knows man-in-the-middle (MITM) – strangely referred to as ‘man in the middle’. It’s an attack in which a third person somehow intercepts the data exchanged between two parties. Kaspersky has now discovered a new strand focused on Android smartphones. But this time they call it man-in-the-disk (MITD).
“A key principle of Android is that all applications should be isolated from each other. This is achieved through the use of so-called sandboxes. Each app, along with its private files, lives in a ‘sandbox’ that others can not access, “explains Kasperksy about Android. “The idea is to prevent a malicious program. Even from infiltrating your Android device. Also, from stealing data that other good apps store. For instance, your bank account username and password or message history. It’s no surprise that hackers are working hard to find new ways to bypass the engine by looking for something called a “sandbox escape”. And they are successful from time to time. For example, the presentation of Slava Makkaveev at DEF CON 26 had the focus as an application without permissions particularly dangerous or suspicious escaping from the sandbox. He nicknamed the “Man-in-the-Disk” method, because of the recognized type of Man-in-the-Middle attack. “
The problem is that any program with read / write access to external storage may be able to access and modify the files. Also, add something malicious
Understand the attack
Android also has a shared external storage called … “External Storage”. For an application to be able to access it, the user needs to give this permission. This External Storage permission gives you access to your smartphone’s files, media, and photos. It’s something that most apps already installed on your phone have. So, you would easily free it for another app to have that access.
“Applications use external storage for many useful things. For instance, replacing or transferring files between a smartphone and a computer. However, external storage is also often used to temporarily store data downloaded from the Internet. First, this data is inserted into the shared part of the disk. Then, it’s transferred to an isolated area that only specific applications can access, “explains Kaspersky. “For example, an application may temporarily use the area to store additional modules it installs to expand its functionality. Also, additional content such as dictionaries or updates. The problem is that any program with read / write access to external storage may be able to access and modify files, and add something malicious.”
Recommended: MyRoutes Route Planner Pro for PC, MAC, Windows
Exploring external storage, Slava Makkaveev showed some examples of this attack on DEF CON 26 with exploits of the vulnerability of Google Translate, Yandex.Translate, Google Voice Typing and Google Text-to-Speech. As well as LG and browser system applications of Xiaomi.
- Summarizing the attack: Applications with access to the Shared External Storage may end up cheating you and asking you to download malware. From this point, a malicious program would have access to the complete data on your smartphone.
As always, Kaspersky has listed a few points that should help you protect yourself from the “man on disk”:
- Only install apps from official stores like Google Play. Malware can infiltrate. But it is much rarer – and removed regularly.
- Disable the installation of third-party applications in your smartphone or tablet settings. Since these are the most dangerous sources. To do this, select Settings -> Security. Then, uncheck Unknown sources.
- Choose verified developer apps. Check the app’s rating and read user ratings. Avoid installing anything that looks suspicious.
- Do not install what you do not need. The fewer apps you have on your phone, the better.
- Remember to remove apps that you no longer need.
- Use a trusted mobile antivirus application.
Also Read: LivExtreme PC (Mac OS – Windows 10, 8, 7)