homehome Home chatchat Notifications


Billions of Android Devices May Be Open to 'Dirty Stream' Attack

There’s nothing that users can do other than ensure they update apps as soon as possible.

Alexandra Gerea
June 20, 2024 @ 1:09 am

share Share

Credit: Wikimedia Commons.

Microsoft recently reported the discovery of a serious security vulnerability in popular Android applications. Dubbed the “dirty stream” attack, it involves at least four apps with more than 500 million users. The vulnerability can result in attacks such as remote code execution and token theft, depending on the app’s implementation. Here’s what you need to know.

What is a “dirty stream” attack?

A “dirty stream” attack exploits the content providers in Android apps to enable them to share files. Each app using the Android operating system has dedicated data and memory space. Android provides a “content provider” to facilitate the secure data transfer between apps.

Content providers can use intents—operational triggers—to start data queries throughout this process. They are the interface for managing an app’s data and exposing it to other installed applications on a device. 

An app that needs to share its files—or a file provider—specifies the paths other apps can use to get to the data. File providers include an “address” (identifying features) that other apps can use to find them on a system.

When the client application does not correctly handle the filename of the server application, hackers can implement a malicious app on another app on the device. The app creates an intent carrying a manipulated filename or path, tricking the client app into finding, exploiting, or replacing other data on the device. These may expose the app user to severe consequences, such as stealing tokens that enable access to the user’s accounts or sensitive data.

Validation Is Key

Microsoft believes that four billion app installations from the Google Play Store are vulnerable to the attack. It shared its findings with developers and publishers to alert them to the dangers and help them prevent it in new releases. 

Xiaomi Inc.’s File Manager product and WPS Office are among the affected vendors who have already fixed the issue. There is no advice about any vulnerability with the Amazon Prime Video app, which has over 500 million downloads on Google Play Store. However, that might not be true for all apps with the same vulnerabilities.

The content provider-based model enables secure and well-defined file sharing with other applications. However, the problem is that many Android apps do not validate the content when it receives a file from another app. It simply takes it in good faith that the filename provided by the serving application is on the up and up.

That allows hackers to introduce a rogue app that sends files with malicious filenames directly to the file share target without the user’s knowledge. Typical targets include browsers, messaging apps, email clients, networking apps, and file editors. When a file share target receives a malicious filename, it uses it to initialize the file. That triggers a process that could compromise the app’s security.

The potential impact will vary depending on an app’s implementation. Sometimes, an attacker could use a malicious app to communicate with their server or get it to share the user’s authentication data. They could also overwrite code in an app’s native library to execute arbitrary code. Since the rogue app controls the name and content of a file, failing to validate the input can lead to the overwriting of critical files.

The Microsoft report came shortly after Google reported barring over two million apps from the Play Store in 2023. That is almost 60 percent more than in 2022. The threat landscape is intensifying, emphasizing why users must install security updates as soon as they are available. Microsoft worked with Google to create guidelines to bolster developers’ Dirty Stream defenses and mitigate their apps’ susceptibility.

What can end users do?

There’s nothing that users can do other than ensure they update apps as soon as those updates become available. They should also be cautious when downloading and installing new apps. End users should only download from trustworthy sources. Suppose they must install an app from an unfamiliar developer. In that case, they should use tools like Microsoft Defender to verify that the app they want to use doesn’t contain malicious code.

share Share

How Hot is the Moon? A New NASA Mission is About to Find Out

Understanding how heat moves through the lunar regolith can help scientists understand how the Moon's interior formed.

America’s Favorite Christmas Cookies in 2024: A State-by-State Map

Christmas cookie preferences are anything but predictable.

The 2,500-Year-Old Gut Remedy That Science Just Rediscovered

A forgotten ancient clay called Lemnian Earth, combined with a fungus, shows powerful antibacterial effects and promotes gut health in mice.

Should we treat Mars as a space archaeology museum? This researcher believes so

Mars isn’t just a cold, barren rock. Anthropologists argue that the tracks of rovers and broken probes are archaeological treasures.

Hidden for Centuries, the World’s Largest Coral Colony Was Mistaken for a Shipwreck

This massive coral oasis offers a rare glimmer of hope.

This Supermassive Black Hole Shot Out a Jet of Energy Unlike Anything We've Seen Before

A gamma-ray flare from a black hole 6.5 billion times the Sun’s mass leaves scientists stunned.

Scientists Say Antimatter Rockets Could Get Us to the Stars Within a Lifetime — Here’s the Catch

The most explosive fuel in the universe could power humanity’s first starship.

Superflares on Sun-Like Stars Are Much More Common Than We Thought

Sun-like stars release massive quantities of radiation into space more often than previously believed.

This Wild Quasiparticle Switches Between Having Mass and Being Massless. It All Depends on the Direction It Travels

Scientists have stumbled upon the semi-Dirac fermion, first predicted 16 years ago.

New Study Suggests GPT Can Outsmart Most Exams, But It Has a Weakness

Professors should probably start changing how they evaluate students.