Dirty Stream bug puts billions of smartphones at risk

Beware of the danger to Android users Microsoft warns of a security vulnerability that exposes your applications and data to danger. The security vulnerability, which researchers called Dirty Steam, is considered serious and may threaten billions of smartphones. It comes from the way Android apps communicate and more specifically from Google’s OS “content provider” system. The latter exists to manage access to the data to be shared between different applications, an important intermediary role that includes an authorization system.

The problem is that it is possible to bypass the security system using Custom Intents. Malicious applications can then send a file with a misleading name or path to a legitimate application. The latter will execute the file and store it in an important directory, leaving the door open for the attacker. The latter would be his “Complete control over application behavior”Microsoft explains in its report. The company goes further by explaining that a hacker would be able to do this “To access user accounts and sensitive data”Available on your smartphone.

The Redmond group goes on to note that it has identified several vulnerable apps in the Google Play Store. In total, these apps have more than four billion installations, and Microsoft suspects the vulnerability could be found in other apps. In this list, we find in particular the Xiaomi File Manager (more than 1 billion installations) and WPS Office (more than 500 million installations). Via an app like Mi File Manager, the flaw goes so far as to open access to other devices by retrieving SMB and FTP IDs. Without mentioning it, Microsoft explained that it discovered the flaw in at least two other applications, each of which had more than 500 million installed.

What should I do on my Android smartphone?

The most important thing, as Microsoft reminds us, is to keep your apps updated via the Google Play Store. The note is valid for any other reliable source, in order to take advantage of the corrective updates published by the developers. Xiaomi has already deployed a patch in version V1-210593, such as WPS with version 17 of its app. Even if it is not specific to this glitch, we also advise you to update your device and check the permissions granted to each application.

Microsoft also warned Google until the Mountain View company amended its security guidelines for Android app developers. The company explains that it is sharing its work so developers and publishers can take action.

🟣 To not miss any news on Journal du Geek, subscribe to Google News. And if you like us, we have a newsletter every morning.