Back to Home

Vulnerability (?) And surveillance in the Bluestacks emulator?

Two days have passed this week · and there are no major scandals yet. The swamp began to drag on duckweed. Let's talk about Bluestacks · an Android emulator. The developers claim that it was installed 90 million ...

Vulnerability (?) And surveillance in the Bluestacks emulator?

Two days have passed this week, and there are no major scandals yet. The swamp began to drag on duckweed. Let's talk about Bluestacks, an Android emulator. The developers claim that 90 million people installed it. Well, let me try to throw dirt at Bluestacks.

image

Once I was looking for my password file on disk. He entered the password that he remembered, and set the search in fresh files. There were 2 files: a password file and a file in the “\ BlueStacks \ Android \ Data.sparsefs \” folder.

After praying to Athena to give me wisdom and patience, I set about dissecting. Result: BlueStacks intercepts and writes to itself keyboard operations that are not addressed to it.

I did some Ctrl + C in Windows notepad. Then you need to close the main window of the emulator with an ordinary cross (otherwise the emulator will not write the results of interception to a file). Then you need to kill ALL of his processes as a taskkiller. What did I find in “\ BlueStacks \ Android \ Data.sparsefs \”? Right. There were also 20-character passwords with which I sign the APK and other “Ctrl + C” from the past. Maybe there is not only a clipboard, but also just a stream from the keyboard, only encrypted? I don’t know how to check.

But everything suggests that the Bluestackers will not stop talking, saying that the recording of your data is for debugging in case of crashes. I repeat: the interception is written to the file only when the program terminates normally.

Made a video on the topic:
yadi.sk/i/G4mLHmMniptzD

If you dig deeper, you will see in BlueStacks interception of pages and data from Internet Explorer and Firefox. There are probably timestamps and you can match the clipboard and URL.

Praise Mercury, the god of communications and thieves! I found another pleasant surprise: if you insert a USB flash drive into the computer, its structure will be written to the BlueStacks files (at least the names of files and folders, and maybe dates in binary form).

BlueStacks components require internet access. And also Bluestacks launches the svhost / HTTP SSL / HTTPFilter process. To whom and what is flowing? I do not understand network protocols, who is familiar with Fiddler / Wireshark, please let me know what is being transmitted there. On the surface - a freshly installed emulsion communicates with a dozen IP ranges.

The emulator can work with the microphone and video camera of the computer, as you know, maybe Bluestacks will surpass Windows 10 and this week will go down in the annals of history.

image

Educational program for victims of the Unified State Examination: “I finished” - the formula for ending the speech of the ancient Roman senators. Not what you thought. How clumsy the Russian language has been over these 15 years!

Read Next