Author Topic: Android < 5.0 SMS & SQL injection vulnerabilities  (Read 2723 times)

Polyphony
Android < 5.0 SMS & SQL injection vulnerabilities
« on: November 26, 2014, 03:51:29 pm »
So I'm not sure who all is subscribed to the fulldisclosure@seclists.org mailing list, but I definitely recommend it (warning, it's pretty active and you *will* receive a ton of emails).

Anyways, I know some of you are interested in Android development, and this particular vulnerability lets a malicious application developer send SMS without user interaction and without the messaging privileges needed for normal SMS applications.  The bug was fixed in Android > 5.0, but that's definitely not the majority (they're pretty sure it has to be Android >= 4.0 too). Link.

Also, there was another vulnerability, an SQL injection in WAPPushManager, that affects Android < 5.0.  Link.

The SQL injection actually allows a remote attacker to start any arbitrary activity or service (with permission check).  Useful, but since you have to get the user's permission I'm not exactly sure how effective this will be, but it's definitely interesting to see the PoC.

So I guess this post was a half-endorsement for that seclists.org mailing list and some interesting links to some pretty cool Android exploits.  I stopped messing with Android dev a while back, but I might download Eclipse (ugh) and start up an Android emulator just to mess with this bug.   :D


EDIT: Oops, I haven't posted in a while and I forgot we had an Android board. If you could move it over there, that would be cool. I apologize for the derpness.
« Last Edit: November 26, 2014, 03:57:50 pm by Polyphony »

Xires
Re: Android < 5.0 SMS & SQL injection vulnerabilities
« Reply #1 on: November 26, 2014, 07:16:00 pm »
Interesting information.  Seclists.org can indeed fill an email box pretty quickly.  The RSS feeds aren't much better unless you're using a filtering aggregator.

Concerning the listed vulns: these both sound like something that's pretty easily patchable.  I'll be interested to see how long it takes for carriers and/or manufacturers to push out an update.  It looks like the SQLi was reported over a month ago and the SMS vuln was reported 2 months ago.  Clock's ticking.

As for Android dev, you don't have to use Eclipse anymore.  Android Studio is based on IntelliJ CE and I've found it far easier to work with.  I also dislike having to use Eclipse if I can avoid it.  IntelliJ has proven to be a bit faster for me as well.
-Xires

naenae
Re: Android < 5.0 SMS & SQL injection vulnerabilities
« Reply #2 on: December 11, 2014, 12:45:12 pm »
Thanks for the info.