CVE 2013-6272 Android phone provide right to call vulnerability analysis-vulnerability warning-the black bar safety net

2014-10-31T00:00:00
ID MYHACK58:62201455325
Type myhack58
Reporter 佚名
Modified 2014-10-31T00:00:00

Description

  1. Description

This class of vulnerability by the German security research organisation Curesec discovered late last year when the secret to tell Google until this year 7 month when it decided to publish a similar vulnerability. This vulnerability relates to the com. android. phone. PhoneGlobals$NotificationBroadcastReceiv components exposed problems, leading to the malicious application does not need to declare any permissions, can call.

2. Vulnerability details

In the Android source code(JELLY_BEAN 4.3 as an example) /packages/apps/Phone/src/com/android/phone/PhoneGlobals. java there is a named NotificationBroadcastReceiver the BroadcastReceiver.

!

From the code you can see this PhoneGlobals$NotificationBroadcastReceiver according to the received Intent of the three kinds of action that trigger different actions:

(1)ACTION_HANG_UP_ONGOING_CALL: hang up the ongoing call;

(2)ACTION_CALL_BACK_FROM_NOTIFICATION: sending action for Intent. ACTION_CALL_PRIVILEGED the intent, the end will start the dial-up Activity(for OutgoingCallBroadcaster from AndroidManifest that), direct dial-up;

(3)ACTION_SEND_SMS_FROM_NOTIFICATION: send Intent, to start the sending of SMS Activity, this step requires user intervention.

[1] [2] [3] [4] next