What is a Man-in-the-Disk attack?

Over the last couple of weeks we have heard a lot about Man-in-the-Disk attacks. This is a new way to circumvent the security mechanisms on Android-based systems. In this blog I am going to talk a bit about it.

Security Principle

Android bases its security on a sandbox principle. Basically this means that every application runs in its own environment, isolated so that it can’t touch any other application without explicit approval by the user. With this, Android prevents a malicious application from accessing your private files or data without you knowing about it.

Storage space

Besides the sandboxes used for all the applications on your Android device, there is a shared external storage. Every application needs to ask for permission to access the photos, media, applications and other stuff on this storage. This can be specified as read access and write access. Neither of those privileges is really considered dangerous, and since almost every application asks for access, it’s almost considered normal to approve.

This storage is mainly used to transfer data between two applications (between two sandboxes), to transfer data between the computer and the Android device, and for everything downloaded from the internet. The problem is that almost every application on your Android device has access to read and change the files in this shared storage. So while the application is running safely in its sandbox, the user did give it permission to add something to the shared storage that is also used by other applications.
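An app that has to pass a file through the shared storage can notice a change made by another app by keeping a SHA-256 digest of the file inside its own sandbox and checking it when it reads the file back. The Python sketch below is an added example, not code from the original post: the two temporary directories stand in for the app's sandbox and the shared storage, and the names `stage`, `load_verified`, `TamperedFileError` and `settings.bin` are made up for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


class TamperedFileError(Exception):
    """The file in shared storage is missing or no longer matches its digest."""


def stage(private_dir: Path, shared_dir: Path, name: str, data: bytes) -> None:
    """Write data to shared storage and record its SHA-256 inside the sandbox."""
    (shared_dir / name).write_bytes(data)
    (private_dir / (name + ".sha256")).write_text(hashlib.sha256(data).hexdigest())


def load_verified(private_dir: Path, shared_dir: Path, name: str) -> bytes:
    """Return the staged bytes only if they still match the recorded digest."""
    expected = (private_dir / (name + ".sha256")).read_text().strip()
    try:
        # Read once, verify those bytes in memory, and return the same bytes.
        data = (shared_dir / name).read_bytes()
    except OSError as exc:
        raise TamperedFileError(f"{name}: unreadable in shared storage") from exc
    if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected):
        raise TamperedFileError(f"{name}: digest mismatch")
    return data


def demo() -> dict:
    payload = b"settings-v1: constructed sample data"
    with tempfile.TemporaryDirectory() as root:
        private_dir, shared_dir = Path(root, "sandbox"), Path(root, "shared")
        private_dir.mkdir()
        shared_dir.mkdir()
        stage(private_dir, shared_dir, "settings.bin", payload)
        clean_ok = load_verified(private_dir, shared_dir, "settings.bin") == payload
        # Stand-in for a second app that holds the storage write permission.
        (shared_dir / "settings.bin").write_bytes(b"changed by another app")
        try:
            load_verified(private_dir, shared_dir, "settings.bin")
            detected = False
        except TamperedFileError:
            detected = True
    return {"clean_ok": clean_ok, "tamper_detected": detected}


if __name__ == "__main__":
    print(demo())
```

The digest has to live in the sandbox: if it were stored next to the file in shared storage, the same app that changes the file could change the digest too.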

What does this mean?

When you just read this you may think: yeah, whatever. But in a real-life scenario you might use your phone as a BYOD (Bring Your Own Device) for work, and decide to install that new game that is so popular in the app store right now. While you are playing that cool game, this game could change the files in the shared storage, potentially stealing your private or company data without you ever knowing it.

How can you protect yourself against a Man-in-the-Disk attack?

There isn’t a real solution yet. However, being aware is the best protection. When you download an application, try to only use the official Google Play store. While it is still possible that an app is dangerous, it’s much less likely than with an APK download.

When an application asks for access to something, try to think about it. Does a game really need access to your storage? Deny any access that doesn’t seem reasonable. If the app functions without it, it doesn’t need it; if it won’t run, you can always enable that access later on. And most important: if you’re done with an application, just delete it. The fewer applications you run, the safer it is.

