Check Point researchers at Black Hat 2018 unveiled a man-in-the-disk attack that could enable attackers to take over Android devices. What is a man-in-the-disk attack and how does it work?
Smartphones and standard PCs have very different security models, but they do have similar security controls. One key security control on most mobile OS platforms, such as Android, is the use of sandboxes to limit the attack surface for a vulnerability and to restrict attackers to only the resources accessible in the sandbox. Because sandboxes set these limits, they have become a common target for attacks, as attackers attempt to find ways to escape the sandbox and access the underlying system.
On Android, for example, applications run in Android's sandbox, so each app has access only to the files inside its sandbox; it is the sandbox, not the app, that controls access to the file system, network and other underlying system resources.
Check Point researchers published a blog post about an attack that exploits a weakness in Android's sandboxing functionality when an app needs to access storage outside the sandbox. The researchers also found that Google's recommendations for accessing files outside of a sandbox include a suggestion that certain files should be handled as if they are untrusted. However, not all developers -- including Google -- took precautions in the past to treat files outside of sandboxes as untrusted, and Check Point found a way to exploit this with a new attack.
Check Point researchers called this a man-in-the-disk attack, an extension of a man-in-the-middle attack. During a man-in-the-disk attack, hackers target a communication channel and use a time-of-check versus time-of-use attack. In this case, a malicious app can replace a legitimate file that the targeted app uses outside of the sandbox with a malicious file supplied by the attacker. When the targeted app opens the malicious file, the results can range from the app generating an error and closing to malicious code executing on the device or even another malicious app being installed.
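The time-of-check versus time-of-use gap described above can be shown with a short sketch. This is an added example, not code from Check Point or Google: two temporary directories stand in for external storage and the app's private directory, and the function names, the `between` hook and the assumption that a known-good SHA-256 digest arrives over a trusted channel are all hypothetical.

```python
import hashlib, os, shutil, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def load_unsafe(shared_path, expected, between=lambda: None):
    """Check-then-use on shared storage: the file can change after the check."""
    if sha256_file(shared_path) != expected:      # time of check
        raise ValueError("digest mismatch")
    between()                                     # window in which another app can write
    with open(shared_path, "rb") as f:            # time of use
        return f.read()

def load_safe(shared_path, expected, private_dir, between=lambda: None):
    """Copy into app-private storage, then verify and use only that copy."""
    fd, private_path = tempfile.mkstemp(dir=private_dir)  # created with mode 0600
    try:
        with os.fdopen(fd, "wb") as dst, open(shared_path, "rb") as src:
            shutil.copyfileobj(src, dst)
        between()                                 # later writes to the shared file no longer matter
        if sha256_file(private_path) != expected:
            raise ValueError("digest mismatch")
        with open(private_path, "rb") as f:
            return f.read()
    finally:
        os.unlink(private_path)

def demo():
    # Temp dirs stand in for external storage (shared) and the app sandbox (private).
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        path = os.path.join(shared, "update.bin")
        good, bad = b"trusted payload", b"tampered payload"  # constructed sample data
        expected = hashlib.sha256(good).hexdigest()  # assumed to come from a trusted source
        def write(data):
            with open(path, "wb") as f:
                f.write(data)
        write(good)
        unsafe = load_unsafe(path, expected, between=lambda: write(bad))
        write(good)
        safe = load_safe(path, expected, private, between=lambda: write(bad))
        try:                                      # shared file is still the tampered one
            load_safe(path, expected, private)
            rejected = False
        except ValueError:
            rejected = True
        return unsafe, safe, rejected

if __name__ == "__main__":
    print(demo())
```

The check-then-use path returns the replaced contents even though the digest check passed, while the copy-then-verify path either returns the verified bytes or rejects the file.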