A new vulnerability flags apps that misuse SD cards

Unfortunately, every week we learn of new and dangerous vulnerabilities that can affect the operation of Android devices. Today we have the news of a new hole, reported by the Check Point security team.

These experts have just discovered that there are some applications that can misuse your computer's external storage system. We mean SD cards.

But what exactly is the problem? According to this security company, the applications that we normally install on our Android devices should systemically integrate the apps into the heart of the device However, some have been installed unnecessarily on SD cards, without any protection and without validating in any case the data that comes from that space.

It seems that any experienced intruder could take advantage of this security misuse to gain access to the device, manipulate the stored data, and cause real havoc.

Watch out for applications that misuse the SD card

Experts have dubbed this vulnerability 'Man-In-The-Disk Attack' or 'Man-In-The-Disk Attack', in its literal translation. But how exactly does it work?

According to these experts, this time the bug is not based on a deep exploit at the operating system level What usually happens is that the user is convinced to download an application that appears to be harmless. But in that it actually monitors the operation of the device, on the use it makes of external storage.

When legitimate applications check for updates, these others are responsible for modifying the content stored on the SD card to carry out a series of malicious actions, such as installing malware,but also denial-of-service attacks and application crashes The goal is to inoculate malicious code. The problem is that many of these applications are in common use, so you may have had them installed on your device at some time or even right now.

Applications that have misused the SD card

Unfortunately, apps that have misused the external storage of Android devices are more common than we imagined. Thus, some are the following: Google Translate, Voice Tyiping or Text-to-Speech, on the one hand, and others from third parties, such as Xiaomi Browser or Yandex Translate .

Luckily, those responsible for these applications are already working to solve this incident. So much so, that Google and other developers have proposed to review the way their applications access the device's external card.

We are aware that Google has taken action to resolve the issue. But what about all the rest? Of course, no security company is going to go through all the apps that are available for Android one by one to see if they are misusing external storage or not. Neither has Check Point.

In addition, there is no native protection, so users should be especially cautious when installing depending on which applications The best thing ( although we have already seen that even Google applications can malfunction in this regard) is to install only applications that you trust and avoid strange or dubious downloads. It's the only way to get as far away from danger as possible.