What did this man forget in my disk? We are talking about the Man-in-the-Disk attack and how to defend against it

If you use an Android device, you need to know about the Man-in-the-Disk attack (MitD attack) and the dangers it carries. In short: it lets an attacker take control of legitimate applications (for example, Google, Yandex or the Xiaomi browser) and use them to install malicious applications. But let’s dig deeper and find out what a MitD attack is, how it works and how to defend against it!

What is a MitD attack?

Man-in-the-Disk is a type of cyberattack on Android devices in which a malicious application installed by the user on a smartphone or tablet begins to infect applications or files located in external storage. The malicious code runs as soon as the victim launches the malicious application and gives it access to external storage, allowing it to read and write data there. This allows an attacker to modify or delete files, inject malicious code into legitimate applications, or install applications without the user’s knowledge.

Understanding the basics: “sandboxes” on Android

“Sandboxes” are the basis of Android security. The idea is to separate each installed application and its files from other installed applications. It works like this: you install the application on your device, after which its files are placed in a separate “sandbox” that other applications do not have access to.

The idea is that even if a malicious application gets onto your Android device, it will not be able to change or steal the data stored by legitimate applications (such as the login and password for your banking application or your messenger correspondence). This way, your important data remains safe, even if there is malware on the device.

But hackers do not doze off and constantly try to “escape from the sandbox”, which they sometimes succeed in doing.

How does the Man-in-the-Disk attack work?

Everything is quite simple. In addition to the areas inside the “sandboxes” where applications and their files are stored, Android has a common storage called External Storage. To access it, the application must ask for your permission. And if you provide it, then the application gets the ability to read and write data to external storage. But there is nothing suspicious about this – now almost every application requests such permission. In addition, many applications use external storage to exchange files with each other, to transfer files between a smartphone and a computer, or to temporarily store data downloaded from the Internet.

For example, when you update an application, its additional modules are first uploaded to external storage, after which they are transferred to an isolated area that only this application has access to. This is where the MitD attack begins. It exploits the way Android works with external storage. Unlike files in a sandbox, any file in external storage can be modified by any application that has read/write permission to it. Thus, even if the files of some good programs are stored in external storage only temporarily, an attacker’s application can modify them by introducing malicious code.

It turns out that when updating a legitimate application, you may not even suspect that you accidentally brought malware to your device. And when you try to launch an infected application, malicious code will be executed, and the hacker will gain control of your device.
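The staging step described above, modelled in Python as an added example (it is not code from this article or from Android): temporary directories stand in for external storage and the app sandbox, and the expected SHA-256 is assumed to reach the app over a trusted channel. The names `install_module` and `demo` are hypothetical. The point is the order of operations: copy into private storage first, then verify the private copy.

```python
import hashlib
import hmac
import os
import shutil
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large modules need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def install_module(staged_path, private_dir, expected_sha256):
    """Copy the staged module into private storage and hash that private copy,
    so the bytes cannot change between check and use. Returns path or None."""
    os.makedirs(private_dir, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=private_dir, suffix=".part")
    os.close(fd)
    try:
        shutil.copyfile(staged_path, tmp)
        if not hmac.compare_digest(sha256_file(tmp), expected_sha256):
            return None  # modified or corrupted while staged: reject
        final = os.path.join(private_dir, os.path.basename(staged_path))
        os.replace(tmp, final)  # atomic rename within private storage
        return final
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)

def demo():
    """Constructed scenario: a clean module, then one altered while staged."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "external")  # stands in for external storage
        private = os.path.join(root, "sandbox")  # stands in for the app's sandbox
        os.makedirs(shared)
        module = b"update module v2"  # constructed sample payload
        expected = hashlib.sha256(module).hexdigest()  # assumed: from a trusted channel
        staged = os.path.join(shared, "module.bin")
        with open(staged, "wb") as f:
            f.write(module)
        clean_ok = install_module(staged, private, expected) is not None
        with open(staged, "ab") as f:  # any app with storage permission can do this
            f.write(b"extra bytes")
        tampered_ok = install_module(staged, private, expected) is not None
    return clean_ok, tampered_ok

if __name__ == "__main__":
    print(demo())
```

Hashing the file while it still sits in shared storage and copying it afterwards would leave a window in which another app could swap the contents after the check.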

How to protect yourself from a MitD attack?

There is nothing complicated here:

Do not grant read/write permission to external storage to any application that does not need it;

Always install apps from trusted sources, and try to avoid downloading and installing apps from third-party websites and app stores;

Update the OS and applications regularly to increase the overall protection of the device;

Do not install unnecessary applications;

Delete apps that you don’t use;

Install a reliable antivirus solution on your device.

To sum up: is it worth worrying about MitD attacks?

Despite the serious threat posed by such attacks, you should not worry about anything if you take the appropriate measures to protect your device. Just don’t forget to follow our advice and everything will be fine!