"Surreptitious Sharing Attacks": A new type of attack targets Android Apps and leads to a leak of personal data.
At the GI Sicherheit 2016 conference held in Bonn, Germany, two security researchers unveiled a new kind of attack targeting Android devices called "Surreptitious Sharing."
The problem is buried deep in the Android API. The two researchers, Dominik Schürmann and Lars Wolf, explain that the issue affects links that are shared through apps, for which Android uses Uniform Resource Identifiers (URIs) that point to the actual storage location on the device.
The researchers explain that normal behavior would be for apps to send files as serialized content through the Intent API, and not to use file scheme URIs.
They also state that the easiest way to mitigate this issue is to not allow specific MIME types when transferring or exchanging data within applications, and in particular they suggest disabling file scheme URIs.
The concept is a bit difficult to grasp without deep knowledge of Android, so the two researchers provided two demos demonstrating the potential of the attack.
# Example 1: Attackers can steal IMAP passwords
The researchers created a malicious app which, after being installed on the user's device, displays a fake page informing victims that the application has crashed, along with a button to send a supposed error report to the developer of the application.
The fake error report button contains a file scheme URI that refers to the exact location in the device's storage where the email client's IMAP passwords are stored.
When users click the link, an email application opens and the IMAP passwords are sent directly to the attackers. Users cannot tell what exactly happened and think they just clicked on a link.
The researchers examined a total of four e-mail applications and all proved to be vulnerable. The applications were Gmail, K-9 Mail, AOSP Mail and WEB.DE.
# Example 2: Attackers can intercept private conversations from IM applications
In their second attack, the researchers created another malicious app that encourages users to share an audio file through an IM application.
As before, the share link for the audio file has been configured to refer to the database file where the user's messenger application stores its conversations. By clicking to share the audio file, users actually send the messenger database to the attackers.
The researchers looked at IM applications such as Skype, Hangouts, WhatsApp, Threema, Signal, Telegram, Snapchat and Facebook Messenger. The Threema, Signal, Telegram, and Skype applications proved to be vulnerable.
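The mitigation described above, refusing file scheme URIs in the app that receives a share, can be sketched as follows. This is an added example, not code from the researchers or from any of the apps named; it uses plain Java (`java.net.URI`) rather than the Android SDK so it runs anywhere, and the package name, paths and the `SharedUriCheck` class are constructed for illustration. The lenient policy goes beyond the article: it accepts file URIs except those that resolve into the receiving app's own private directory.

```java
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;

public class SharedUriCheck {
    enum Verdict { ACCEPT, REJECT_FILE_SCHEME, REJECT_PRIVATE_PATH, REJECT_MALFORMED }

    // strict = true : only content: URIs pass (file scheme disabled entirely).
    // strict = false: file: URIs pass unless they resolve into privateDir (assumed policy).
    static Verdict check(String shared, File privateDir, boolean strict) {
        URI uri;
        try {
            uri = new URI(shared);
        } catch (URISyntaxException e) {
            return Verdict.REJECT_MALFORMED;
        }
        String scheme = uri.getScheme();
        if ("content".equalsIgnoreCase(scheme)) return Verdict.ACCEPT;
        if (!"file".equalsIgnoreCase(scheme) || uri.getPath() == null) {
            return Verdict.REJECT_MALFORMED;
        }
        if (strict) return Verdict.REJECT_FILE_SCHEME;
        try {
            // Canonicalise first so "../" segments and symlinks cannot hide the real target.
            String target = new File(uri.getPath()).getCanonicalPath();
            String priv = privateDir.getCanonicalPath();
            if (target.equals(priv) || target.startsWith(priv + File.separator)) {
                return Verdict.REJECT_PRIVATE_PATH;
            }
        } catch (IOException e) {
            return Verdict.REJECT_MALFORMED;
        }
        return Verdict.ACCEPT;
    }

    public static void main(String[] args) {
        // Constructed sample values: a hypothetical mail app and the URIs it might receive.
        File priv = new File("/data/data/com.example.mail");
        String[] samples = {
            "content://com.example.provider/attachments/1",
            "file:///sdcard/Download/report.txt",
            "file:///data/data/com.example.mail/databases/settings.db",
            "file:///sdcard/../data/data/com.example.mail/databases/settings.db"
        };
        for (String s : samples) {
            System.out.println(s + " strict=" + check(s, priv, true)
                    + " lenient=" + check(s, priv, false));
        }
    }
}
```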