
Man-in-the-disk attack: How are Android products affected?

Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices should be protected with Nick Lewis.

Check Point researchers at Black Hat 2018 unveiled a man-in-the-disk attack that could enable attackers to take over Android devices. What is a man-in-the-disk attack and how does it work?

Smartphones and standard PCs have very different security models, but they do have similar security controls. One key security control on most mobile OS platforms, such as Android, is the use of sandboxes to limit the attack surface for a vulnerability and to restrict attackers to only the resources accessible in the sandbox. Due to the limits set by the sandboxes, they have become a common target for attacks, as attackers will attempt to find ways to escape the sandboxes and access the underlying systems.

On Android devices, for example, applications run in Android's sandbox, so each app only has access to the files inside its sandbox; it is the sandbox, not the app, that controls access to the file system, network and other underlying system resources.

Check Point researchers published a blog post about an attack that exploits a weakness in Android's sandboxing functionality when an app needs to access storage outside the sandbox. The researchers also noted that Google's recommendations for accessing files outside of a sandbox include a suggestion that certain files should be handled as if they are untrusted. However, not all developers -- including Google -- took precautions in the past to treat files outside of sandboxes as untrusted, and Check Point found a way to exploit this with a new attack.

Check Point researchers called this a man-in-the-disk attack, an extension of a man-in-the-middle attack. During a man-in-the-disk attack, hackers target a communication channel and use a time-of-check versus time-of-use attack. In this case, a malicious app can replace a legitimate file that the targeted app uses outside of the sandbox with a malicious file supplied by the attacker. When the targeted app opens the malicious file, the results can range from the app generating an error and closing to malicious code executing on the device or even another malicious app being installed.
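
The check-then-use race described above, modeled as an added example (not code from Check Point or from this article): a temporary directory stands in for shared external storage, the `window` callback stands in for another app writing to it, and the expected hash is assumed to ship inside the app. All names and sample data are constructed.

```python
import hashlib
import os
import tempfile

LEGIT = b"update-v2: legitimate payload"    # constructed sample data
TAMPERED = b"update-v2: attacker payload"   # constructed sample data

def digest(data):
    return hashlib.sha256(data).hexdigest()

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def load_check_then_use(path, expected, window=None):
    """Vulnerable pattern: verify the file, then re-open the path to use it."""
    with open(path, "rb") as f:
        if digest(f.read()) != expected:      # time of check
            raise ValueError("integrity check failed")
    if window:
        window()                              # another app may write here
    with open(path, "rb") as f:               # time of use: unverified bytes
        return f.read()

def load_read_once(path, expected, window=None):
    """Hardened pattern: read once, verify those bytes, use only those bytes."""
    with open(path, "rb") as f:
        data = f.read()                       # single read into app memory
    if window:
        window()                              # a swap now changes nothing
    if digest(data) != expected:
        raise ValueError("integrity check failed")
    return data

def demo():  # returns (vulnerable result, hardened result, swapped file rejected)
    with tempfile.TemporaryDirectory() as shared:   # stands in for shared storage
        path = os.path.join(shared, "update.bin")
        expected = digest(LEGIT)              # assumed to ship inside the app
        swap = lambda: write(path, TAMPERED)
        write(path, LEGIT)
        vulnerable = load_check_then_use(path, expected, window=swap)
        write(path, LEGIT)
        hardened = load_read_once(path, expected, window=swap)
        try:                                  # file is already swapped here
            load_read_once(path, expected)
            rejected = False
        except ValueError:
            rejected = True
        return vulnerable, hardened, rejected
```

The vulnerable loader returns the swapped bytes even though its integrity check passed, while the read-once loader returns the verified bytes and rejects a file that was swapped before it was read.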


This was last published in January 2019
