Android裝置App的資料共享方式有資安破口,研究人員揭露能以此發動的攻擊手法Dirty Stream,影響範圍廣大
· 2024-05-20
近期微軟針對安卓裝置公布名為Dirty Stream的攻擊手法,並指出光是他們在Google Play市集找到存在相關弱點而可被當作攻擊目標的應用程式,就已被下載超過40億次,而且,當中有4款是被下載超過5億次的熱門應用程式
研究人員透過Mi File Manager展示如何發動Dirty Stream攻擊,他們透過該應用程式清理裝置垃圾檔案的元件來觸發相關弱點,從而在該檔案管理軟體植入惡意配置檔案,一旦啟動了垃圾清理功能,他們就能載入對應的惡意程式庫,並透過瀏覽器的使用者ID執行程式碼。
為何他們選擇利用這款應用程式來進行驗證?研究人員指出,由於該檔案管理軟體具備透過FTP及SMB通訊協定進行遠端檔案共用的功能,一旦觸發相關弱點,受到影響的不只是單臺行動裝置,甚至可能影響內部網路的共享存取。
Popular articles
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
GGC Awards 2026 Shines in Colombo: Honoring Leaders and Innovators in the iGaming Industry
HUIDU Focus
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
Across 6 Cities: HUIDU Invites You to 8 World Cup Parties Redefining High-Value Social Networking
HUIDU Focus
British gambling levy rates confirmed for each vertical
Regulation
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11
Sports Game
Indiana online casino bill stalls in House committee
Regulation
1spin4win grows its Latin American presence by partnering with Fortuna Juegos
Online Game
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
