Check Point explains that “the external storage of an Android device is a public area that can be observed or modified by any other application on the same device”.

security company Check Point has discovered a new way of targeting devices based on the Android operating system.

This threat has to do with a defect in the design of the Sandbox of Android, according to explain.

what is The consequence? Cybercriminals may end up accessing data that is stored in the external storage. Could, according to experts explain, install it on the terminal malicious applications without the user’s permission, deny service to legitimate software or cause locks to the injection of code and end up accessing the camera and microphone or to the list of contacts, for example. That is to say, they could intercept traffic and information and cause unwanted behaviour.

“These attacks are referred to as Man-in-the-Disk are possible when applications do not care about the use of the storage extern, or a resource that is shared among all the applications without the protection of the philosophy Sandbox in Android, and do not take safety precautions relevant individual”, it indicates the Check Point.

This company explains that “the external storage of an Android device is a public area that can be observed or modified by any other application on the same device” and “Android does not provide protections built-in to the data stored in the external storage”, but guidelines for developers. In addition, “many of the pre-installed applications and of popular use ignore the guidelines of Android”, notes “and keep confidential data in the external storage checked out”.

when looking for a solution to the attacks Man-in-the-Disk, it seems that “to secure the underlying operating system is the only long-term solution,”.