Microsoft has urged Android users to remain vigilant against a new security flaw, being called ‘Dirty Stream,’ which affects various applications, and has the possibility of impacting hundreds of millions of users globally.
Although this is a widespread issue, it’s unclear roughly how many Australians in particular are at risk.
The core of the issue is in Android’s ContentProvider system, designed to help share structured data between applications on a device.
Tom’s Guide reported that it allows Android apps to communicate and exchange files, albeit under strict security protocols.
Microsoft’s recent warning indicates that malicious apps are able to exploit this system. They do this by using custom intents-specialised messaging objects in Android.
The intents bypass security measures and allow hackers to send files with altered names or paths to real apps, smuggling in malicious code.
Some of the apps vulnerable include Xiaomi’s File Manager and WPS Office. This has a total of over 1.5 billion installations.
Dirty Stream allows hackers to manipulate apps to overwrite critical data in storage, which could lead to unauthorised code execution, data theft, and hijacking of the compromised app.
Investigations within Microsoft have proved this isn’t an isolated issue, but a widespread issue across various applications. It’s estimated applications that are vulnerable have been downloaded over four billion times.
Various precautions can be taken to reduce the risk of a Dirty Stream vulnerability.
Users have been urged to avoid sideloading apps, which are apps from outside official app stores that bypass security checks on Google Play or other app stores. Users have been told to download apps from trusted services.
Additionally, users have urged to activate Google Play Protect, which is a built-in security feature that scans apps for malicious behaviour constantly.
Users can also install reputable antivirus software to provide an extra layer of security, as they offer extensive features that enhance a device’s ability to prevent malware and cyber threats.
Keep applications and the operating system updated, and watch out for the permissions granted on apps.
The warning comes days after Google revealed it banned 2.28 million applications from its Play Store last year, rising almost 60 per cent compared with the year before.
In addition, Google started the year by releasing patches for 58 vulnerabilities in Android.
It started with ten security holes in the Framework and System components, and then patches for 48 vulnerabilities in Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components, according to Security Week.
