Several vulnerabilities in the Android system can cause the device to reboot. The reboot is, of course, only the visible symptom; the same bugs may also allow privilege escalation, code execution, and so on. This article uses the reboot symptom as its basis for classification and, somewhat loosely, surveys these vulnerabilities together. Below, the origin and essence of each vulnerability is analysed briefly, and where possible a compiled PoC and an exploit demo video are attached.
https://labs.mwrinfosecurity.com/advisories/2014/11/05/nexus-5-4-4-2-local-dos/ Vulnerability overview:
The Nexus 5 ships with a hidden system application used to test network connectivity. In versions before 4.4.3, this application exports a large number of activities, and none of them requires any permission, so any external caller can invoke them. One of the exported activities exposes the phone to a DoS attack: calling it from outside makes the phone reboot directly.
Beyond invoking this component once to restart the system, if a malicious application registers to receive the BOOT_COMPLETED broadcast and, on receipt, sends the appropriate intent to the vulnerable activity component, the phone will reboot in a loop.
The vulnerable application package: com.lge.SprintHiddenMenu
The vulnerable component: com.lge.SprintHiddenMenu.sprintspec.SCRTN. The component is exported and has no permission restriction. The following command makes the Nexus 5 reboot:
adb shell am start -n com.lge.SprintHiddenMenu/com.lge.SprintHiddenMenu.sprintspec.SCRTN