Dangerous vulnerability found in Android through which smartphones can be hacked

May 3, 2024  20:16

Developers at Microsoft have identified a significant vulnerability in popular apps for the Android mobile platform. It allows attackers to remotely execute malicious code and to steal user data and authentication tokens.

According to Microsoft's report, the vulnerability affects at least four apps from the Google Play Store with millions of downloads. Among them is a popular file manager from the Chinese company Xiaomi and the WPS Office suite. Each of these apps has over 500 million installations.

The vulnerability stems from the fact that many Android apps use a mechanism for secure file exchange with other apps. However, when receiving a file from a third-party app, they do not check its contents and use the filename provided by the sender to save it in internal storage. Malicious actors exploit this by creating malicious apps that send files with dangerous names to target programs. Upon receiving such a file, the target app saves it and starts using it, which leads to compromise of the app and leakage of confidential data.
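
The save step described above, modelled in plain Java as an added example (not code from Microsoft's guide or from any of the affected apps): the unsafe version builds the target path from the sender's name, while the hardened one keeps only the last path segment and checks that the canonical path stays inside the receiving directory. The class, method and sample file names are illustrative assumptions, and a temporary directory stands in for the app's internal storage.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.UUID;

public class IncomingFileName {

    // Unsafe pattern described in the article: the sender's name is used as-is.
    static File unsafeTarget(File dir, String senderName) {
        return new File(dir, senderName);
    }

    // Hardened: keep only the last path segment, replace empty or dot names,
    // then confirm the canonical path is still inside the receiving directory.
    static File safeTarget(File dir, String senderName) throws IOException {
        String name = senderName == null ? "" : senderName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            name = UUID.randomUUID().toString(); // fall back to a generated name
        }
        File base = dir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        if (!target.toPath().startsWith(base.toPath()) || target.equals(base)) {
            throw new IOException("file name escapes the receiving directory");
        }
        return target;
    }

    // True when f resolves to a location under dir.
    static boolean inside(File dir, File f) throws IOException {
        return f.getCanonicalFile().toPath().startsWith(dir.getCanonicalFile().toPath());
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempDirectory("received"); // stands in for app-private storage
        File dir = tmp.toFile();
        // Constructed sample names, not taken from the report.
        String[] names = {"report.pdf", "../../outside.txt", "sub/dir/notes.txt", ".."};
        for (String n : names) {
            File u = unsafeTarget(dir, n);
            File s = safeTarget(dir, n);
            System.out.printf("%-20s unsafe inside=%b  safe=%s inside=%b%n",
                    n, inside(dir, u), s.getName(), inside(dir, s));
        }
    }
}
```

Generating the stored name locally for every incoming file, rather than only as a fallback, removes the dependence on the sender's name altogether.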

According to Microsoft experts, the potential consequences could be serious. For example, attackers could redirect application traffic to their server, gain access to authentication tokens, personal messages, and other valuable information.

Microsoft has informed Google about the discovered issue and released a guide for developers to identify and fix this vulnerability in Android apps. Additionally, Microsoft has directly contacted the providers of vulnerable software in the Google Play Store. Xiaomi and WPS Office have already released updates to patch the security hole.

However, Microsoft believes that many more Android apps may be vulnerable in a similar way. The company urges all developers to thoroughly test their products. Ordinary users are advised to regularly update apps to the latest versions and install only verified programs from the official Google Play Store.


 
 
 
 