A New Gateway For Hacking Android: Man-in-the-Disk

A New Gateway For Hacking Android Man-in-the-Disk

With every second, technology is becoming more powerful. And with technology being so prevailing, hackers are using it to gain access to all the data they could get their hands on. But, from where do they get access to the data?

Well, there are many loopholes in our day to day tech life. And, once the loophole is detected, rest all is a game for hackers. All they have to do is, find the loophole, and enter into the system.

Similarly, researchers at Check Point, found out a loophole in Android, through which hackers could get in your Android device by using external storage. This attack technique is dubbed as ‘Man-in-the-Disk’ attack. This attack is possible only when application developers do not pay attention to app design and external storage much and also when app developers do not follow the guidelines given by Google, which makes Android device more vulnerable to these types of attacks. These types of attacks are also possible when the app has been downloaded from third party store and not from the authentic app store.

How ‘Man-in-the-Disk’ Works?

This technique enables hackers to get into the system and interfere with data stored on external storage. Let us see how:

Man-in-the-Disk’ Works

Image Source: checkpoint


1. Every time user downloads the app updates or receives data from app, it has to be passed through external storage first. This process opens a door for attackers to play with data, which is stored in external storage.

2. After monitoring the data, attackers prompt users to download the fake app, which contains the exploit script in it. Once, this fake app has been installed or updated, it asks for permission to grant access to external storage. After the permission has been granted by the user, attackers can monitor data transferred between apps and external storage. And not only this, hackers can manipulate and overwrite that data with their own in a timely manner as well.

3. This way active actors have their ‘Man-on-the-Disk’, watching for the ways in which they can intercept traffic and other information needed by another apps present on user’s device. After this, an optional data is delivered to user that leads to dangerous results.

4. The results can vary based on the attacker’s intention and what they desire. Through this way, they can also crash the application, causing denial of service, or they could also access other functionalities to create a chaos.

These functionalities or parts includes camera, microphone, contacts list and many more.

See AlsoHow Hackers Work and How to Protect Yourself

Safety Measures To Be Taken By App Developers

For this, Google has prepared guidelines for application developers stating how they should use external storage for their Android apps. These guidelines are as follows:

  • Perform input validation when handling data from external storage.
  • Do not store executable or class files on External Storage.
  • External Storage files should be signed and cryptographically verified prior to dynamic loading.

Wrap Up: What Should Be Done?

So far, we have found out that this is because of the design deficiencies that leave Android devices vulnerable to these types of attacks. It cannot be blamed that who is at fault or who isn’t.

For such types of attacks, Google has already issued some guidelines that Android application developers should keep in mind to ensure that the app and data used by it is safe & secure. And it seems like these guidelines are not enough for the developers. Instead, they should also try to secure the underlying OS and should work on the vulnerabilities of OS, which can be a long-term solution for these types of attacks.

If you found this helpful, please let us know. You can also drop your feedback in the comment section below.

See Also: Triout- A Malware Framework That Turns Android Apps Into Spyware

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Access time

The time period required for reading out of writing into the computer memory.