The Android Sandbox Environment (previously known as Android for Work) has been found to be vulnerable to App-In-The-Midle-Attacks, reported researchers from Skycure.
Android Sandbox Environment Found To Be Dangerous
Security researchers from Skycure announced that the Android Sandbox Environment has been identified as being vulnerable. This framework was previously known as Android for Work. Since it’s introduction in Android 5.0 Lollipop this option allows the owners to separate their personal and business data on the same device by using a specialized profile that is managed by the IT administrators. This effectively secures all business-related applications, emails and documents within the boundaries of the business profile. The sandbox prevents any outside apps from accessing the container.
However SkyCure researchers announced that the analyzed implementation was vulnerable due to an thApp-In-The-Midle-Attack. Two methods of intrusion have been demonstrated which depend on malicious user interaction.
The first attack relies on the use of a malicious application running with the personal profile. The app can request permission to view and action all notifications, including the ones that come from the sandboxed environment. This method can extract sensitive information coming from email alerts, calendar events and etc.
The second attack uses the Android’s Accesibility Service which is designed to offer several enhancements for people with disabilities. This feature allows access to almost all controls and stored content on the device both for reading and writing. An application with the appropriate permissions can access the apps running in the sandbox. This attack is dangerous as the IT administrators cannot detect any exposure that has been caused by such vulnerabilities.
The Android engineers have implemented a specialized API which is used to whitelist the accessibility services. According to the researchers it can be circumvented either by a malicious app which uses the same package as a whitelisted legitimate application or by an existing malicious app that use the Accessibility feature. It can trick the device owner into whitlisting it. To a large extent the vulnerability is caused by a feature which has been designed to help users use their device. By itself the exploit is not dangerous if the user does not explicitly grant access to the app or use a malicious package.
Potential defense against possible attack campaigns includes two possibilities:
A security patch released from the Android the developers which can devise a new implementation of the service that eliminates the issue.
Careful use from the user’s side of their devices. Social engineering tricks are the most likely methods of infecting targets.