Android Vulnerabilities: Man-in-the-Disk Attacks Google Translate
iSpeech
Check Point Research discovers a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to an attack resulting in any number of undesired outcomes, such as silent installation of unrequested, potentially malicious, apps to the user’s phone, denial of service for legitimate apps, and even cause applications to crash, opening the door to possible code injection that would then run in the privileged context of the attacked application.
In the case of Google Translate, developers failed to validate the integrity of data read from the External Storage. As such, our team was able to compromise certain files required by these apps, resulting in the crash of each of these applications, as seen in video of crashing Google Translate.
For more details on the Man-in-the-Disk, please visit: https://research.checkpoint.com/androids-man-in-the-disk/
2018-08-12 20:21:03
source
Gloss