Microsoft Issues Warning Of Dirty Stream Attack On Android Applications

Microsoft hasn’t just discovered some new type of attack on Android users. “Dirty Stream” is an attack that can be exploited in apps that have been downloaded billions of times. The problem is the data exchange.

“Dirty Stream” attack on Android apps

Microsoft’s security team explains this in a blog post about the “Dirty Stream” attack. Attackers can overwrite files in another application’s home directory, which can lead to arbitrary code execution and secret theft.

The vulnerability results from improper use of Android’s content provider system. This system manages access to structured data sets to be shared between different applications.

The system includes security measures for data isolation, URI authorization, and path validation to prevent unauthorized access, data leakage, and path traversal attacks. However, if implemented incorrectly, the security measures can be easily circumvented.

Dirty Stream takes advantage of this. This attack route allows malicious applications to send a file to another application with a crafted file name or path. The target application is tricked into trusting the file name or path and executes the file or saves it to a critical directory.

Data exchange manipulated

This manipulation of data flow between two Android applications turns a common operating system-level function into a “weaponized tool” and can be exploited for unauthorized code execution and data theft, according to Microsoft. Microsoft researcher Dimitrios Valsamaras found that faulty implementations are unfortunately common. Dirty Stream affects apps that have been installed more than four billion times, providing a large attack surface.

“We have identified several vulnerable applications in the Google Play Store that have been installed over four billion times,” the report said. “We believe that the vulnerability pattern could also be found in other applications. We are sharing this research so that developers and publishers can check their apps for similar issues and, if necessary, fix them to prevent such vulnerabilities from being introduced into new apps or versions become.” Two applications highlighted in Microsoft’s report as vulnerable to dirty stream attacks are Xiaomi’s File Manager, which has over a billion installations, and WPS Office, which counts around 500 million installations.

Both companies have already responded to the warning and are working with Microsoft. Microsoft’s findings were shared with the Android developer community in an article on the Android Developers website to prevent similar vulnerabilities in future builds. Google has also updated its app security guidelines to highlight common implementation errors in the content provider system that allow security to be bypassed. There’s not much that end users can do except keep the apps they use up to date and avoid downloading APKs from unofficial third-party app stores and other poorly verified sources.