"MAN-IN-THE-DISK" is a new attack technique it takes advantage of storage protocols in third party applications in order to crash a victim's Android mobile device.The "Man-in-the-Disk" attack surface allows a hacker to interfere with an android app's data stored in external storage, the operating system’s type of storage typically used to share data between applications for instance a messenger using a photo from a camera app.
The "Man-in-the-Disk" attack works because of two reasons. First any app can tamper with another app's External Storage data. Second because almost all apps ask for this permission, users are generally willing to give it and unaware of any security risks. This can be abused to install another app in the background without the user’s knowledge and further whatever privileges the attacked app has, the bad code can gain access to all of those privileges for its own purposes.
No comments:
Post a Comment