How to protect Android from Man-in-the-Disk attacks

Epic Games has patched a critical man-in-the-disk (MiTD) flaw for the Android version of the wildly popular game called Fortnite – although controversy has swirled after Google decided to ignore a 90-day disclosure request from the gaming company.

The issue exists in the Fortnite Installer, which downloads the Fortnite APK to external storage on an Android device. According to the Google team that reported the flaw, any app with the WRITE_EXTERNAL_STORAGE permission can substitute a malicious APK immediately after the download is completed and the fingerprint is verified.

Here are a few tips that are easy to follow:

• Install applications only from official stores such as Google Play. Malware does creep in, but it is far rarer — and removed on a regular basis.
• Disable the installation of applications from third-party sources in your smartphone or tablet settings; those are the most dangerous sources. To do that, select Settings -> Security and uncheck Unknown sources.
• Choose applications by verified developers. Check the application rating and read the reviews. Avoid installing anything that looks fishy.
• Do not install anything you do not need. The fewer apps you have on your smartphone, the better.
• Remember to remove applications you no longer need.
• Use a reliable mobile antivirus application that will give you a timely notification if a malicious app is trying to penetrate your device.

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.