Android vulnerability: Billions of devices are at risk due to “dirty flows” – Technology and Design –

The vulnerability affects almost all Android devices and can be exploited through faulty implementation of the so-called content provider system, which is responsible for managing data between different applications.

What makes this vulnerability special is the method hackers use to attack it. Using the “Dirty Streams” method, they can send malicious files to other applications, which then work with these files without their knowledge. If the file is saved or even executed, the malware can be activated the next time the affected application is opened. This attack method takes advantage of an Android security feature, which is supposed to protect against exactly such threats.

What is particularly concerning is that popular applications such as Xiaomi File Manager, which has been downloaded more than 1 billion times, and WPS Office, which has been downloaded 500 million times, are also affected by this vulnerability. Microsoft warns that the problem may be much larger, as many other applications may be affected as well, without knowing the full list.

The good news: Many app developers, including Xiaomi and Kingsoft (developer of WPS Office), are already aware and are working on patches to close the vulnerability. However, Android users should take some precautions to better protect their devices:

Since the vulnerability is widespread and the attack method appears relatively easy to implement, it is likely that hackers will soon be able to exploit this vulnerability.