﻿{"id":340,"date":"2018-08-14T13:10:13","date_gmt":"2018-08-14T18:10:13","guid":{"rendered":"https:\/\/www.uv.mx\/csirt\/?p=340"},"modified":"2018-08-15T13:10:29","modified_gmt":"2018-08-15T18:10:29","slug":"man-in-the-disk-nueva-vulnerabilidad-en-dispositivos-android","status":"publish","type":"post","link":"https:\/\/www.uv.mx\/csirt\/boletines\/man-in-the-disk-nueva-vulnerabilidad-en-dispositivos-android\/","title":{"rendered":"Man-in-the-Disk nueva vulnerabilidad en dispositivos Android"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-341\" src=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/android-man-in-the-disk-300x103.jpg\" alt=\"\" width=\"600\" height=\"206\" srcset=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/android-man-in-the-disk-300x103.jpg 300w, https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/android-man-in-the-disk-768x264.jpg 768w, https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/android-man-in-the-disk.jpg 930w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>14\/08\/2018<\/p>\n<p><strong>Bolet\u00edn de seguridad inform\u00e1tica<\/strong><\/p>\n<p><strong><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-296\" src=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/06\/informativo.jpg\" alt=\"\" width=\"121\" height=\"27\" \/>\u00a0<\/strong><\/p>\n<p><strong>Descripci\u00f3n:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Investigadores de seguridad de Check Point Software Technologies han descubierto una forma de ataque en la que las apps gestionan el sistema de almacenamiento externo, resultando en la inyecci\u00f3n\u00a0de c\u00f3digo\u00a0que permiten la denegaci\u00f3n de servicio. Android almacena sus recursos en dos ubicaciones, almacenamiento interno y externo. Los investigadores hallaron que muchas aplicaciones usan el almacenamiento externo sin protecci\u00f3n y no usan el espacio asignado a cada aplicaci\u00f3n\u00a0que se encuentra\u00a0protegida\u00a0por \u00absandbox\u00bb en el almacenamiento interno de Android.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Recursos:<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<ul>\n<li>Celulares\u00a0con sistema operativo Android<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Soluci\u00f3n:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Goole lanz\u00f3 una correcci\u00f3n\u00a0a las aplicaciones y se encuentran actualizando aquellas apps que son vulnerables entre ellas se encuentran: Google Translate, Yandex Translate, Google Voice Typing, Google Text-to-Speech, Xiaomi Browser entre otras\u00a0que fueron probadas por los investigadores de CheckPoint.<\/p>\n<p>&nbsp;<\/p>\n<p>Para mas informaci\u00f3n<\/p>\n<p><a href=\"https:\/\/blog.checkpoint.com\/2018\/08\/12\/man-in-the-disk-a-new-attack-surface-for-android-apps\/\">https:\/\/blog.checkpoint.com\/2018\/08\/12\/man-in-the-disk-a-new-attack-surface-for-android-apps\/<\/a><\/p>\n<table width=\"90%\">\n<tbody>\n<tr>\n<td>\n<p><a href=\"https:\/\/blog.checkpoint.com\/2018\/08\/12\/man-in-the-disk-a-new-attack-surface-for-android-apps\/\">Man-in-the-Disk: A New Attack Surface for Android Apps | Check Point Blog<\/a><\/p>\n<p>blog.checkpoint.com<\/p>\n<p>Recently, our researchers came across a shortcoming in the way Android apps use storage resources. Careless use of External Storage by applications may open the door to an attack resulting in any number of undesired outcomes, such as silent installation of unrequested, potentially malicious, apps to the user\u2019s phone, denial of service for legitimate apps,\u2026<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>Ante cualquier duda o aclaraci\u00f3n comun\u00edcate con el CSIRTUV a las extensiones 11505, 11532 y 11564 o al correo contactocsirt@uv.mx<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; 14\/08\/2018 Bolet\u00edn de seguridad inform\u00e1tica \u00a0 Descripci\u00f3n: &nbsp; Investigadores de seguridad de Check Point Software Technologies han descubierto una forma de ataque en la que las apps gestionan el sistema de almacenamiento externo, resultando en la inyecci\u00f3n\u00a0de c\u00f3digo\u00a0que permiten la denegaci\u00f3n de servicio. Android almacena sus recursos en dos ubicaciones, almacenamiento interno y externo. [&hellip;]<\/p>\n","protected":false},"author":2037,"featured_media":341,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ventana_nueva":"","tipo_url":"","url":"","extracto":"","imagen_halign":"","imagen_valign":"","bg_size":"","text_hide":"","media_url":"","tipo_media":"","video_url":"","video_pos":"","video_youtube":"","footnotes":""},"categories":[2],"tags":[],"class_list":["post-340","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-boletines"],"_links":{"self":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts\/340","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/users\/2037"}],"replies":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/comments?post=340"}],"version-history":[{"count":0,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts\/340\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/media\/341"}],"wp:attachment":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/media?parent=340"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/categories?post=340"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/tags?post=340"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}