Google security researchers revealed this week that the immensely popular Fortnite Android app is vulnerable to so-called man-in-the-disk (MitD) attacks.
This vulnerability allows low-privileged malicious apps already installed on a user’s phone to hijack the Fortnite app’s installation process and install other malicious apps that have a higher permission level.
Epic Games, the Fortnite game developer, has released version 2.1.0 that patches this attack vector.
Fortnite app vulnerable to MitD
The concept of man-in-the-disk attacks was recently detailed in more depth by security researchers from Israel-based cyber-security firm Check Point.
Put simply, MitD attacks are possible when an Android app stores data on External Storage, outside its highly secured Internal Storage space.
Because External Storage is shared by all apps, an attacker can watch a specific app’s files there and tamper with them.
The Fortnite app is vulnerable to this attack because the app does not contain the actual game, but is merely an installer. Once users install the app, this installer uses the device’s External Storage space to download and install the actual game.
“Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified. This is easily done using a FileObserver. The Fortnite Installer will proceed to install the substituted (fake) APK,” a Google researcher wrote in a bug report recently made public.
“If the fake APK has a targetSdkVersion of 22 or lower, it…
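The sketch below is an added example, not code from Epic Games or from the Google bug report. It shows one way an installer can close the gap between fingerprint verification and installation: stage the APK in app-private storage and hash the same bytes that are streamed into the install session. The class name `VerifiedApkInstaller`, its parameters, and the trusted source of the expected digest are assumptions.

```java
import android.content.Context;
import android.content.IntentSender;
import android.content.pm.PackageInstaller;
import java.io.*;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical helper (added example): installs only the exact bytes that were hashed. */
public final class VerifiedApkInstaller {
    // stagedApk: APK downloaded under context.getFilesDir(), never to External Storage.
    // expectedSha256: digest obtained from a trusted source such as a signed manifest (assumption).
    public static void install(Context context, File stagedApk, byte[] expectedSha256,
            IntentSender statusReceiver) throws IOException, NoSuchAlgorithmException {
        // Refuse files outside Internal Storage, where other apps could replace them.
        String privateRoot = context.getFilesDir().getCanonicalPath() + File.separator;
        if (!stagedApk.getCanonicalPath().startsWith(privateRoot)) {
            throw new SecurityException("APK must be staged in app-private storage");
        }
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        PackageInstaller installer = context.getPackageManager().getPackageInstaller();
        PackageInstaller.Session session = installer.openSession(installer.createSession(
                new PackageInstaller.SessionParams(PackageInstaller.SessionParams.MODE_FULL_INSTALL)));
        try {
            // Single pass: the bytes hashed are the bytes copied into the install session,
            // so nothing can change between the check and the install.
            try (InputStream in = new DigestInputStream(new FileInputStream(stagedApk), sha256);
                 OutputStream out = session.openWrite("base.apk", 0, -1)) {
                byte[] buf = new byte[64 * 1024];
                for (int n; (n = in.read(buf)) != -1; ) {
                    out.write(buf, 0, n);
                }
                session.fsync(out);
            }
            if (!MessageDigest.isEqual(sha256.digest(), expectedSha256)) {
                throw new SecurityException("APK digest mismatch");
            }
            session.commit(statusReceiver);
        } catch (IOException | RuntimeException e) {
            session.abandon(); // discard the staged bytes on any failure
            throw e;
        } finally {
            session.close();
        }
    }
}
```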