List: full-disclosure
Subject: Re: [FD] CVE-2014-8610 Android < 5.0 SMS resend vulnerability
From: Joshua Wright <jwright () hasborg ! com>
Date: 2014-11-29 20:38:30
Message-ID: 09C00366-FA08-42AC-809C-4DE37BE919E7 () hasborg ! com
> On Nov 25, 2014, at 9:55 PM, Wang,Tao(Scloud) <wangtao12@baidu.com> wrote:
>
> INTRODUCTION
> ==================================
> In Android <5.0, an unprivileged app can resend all the SMS stored in the user's phone to
> their corresponding recipients or senders (without user interaction). No matter whether these
> SMS are sent to or received from other people. This may lead to undesired cost to the user. Even
> worse, since Android also allows an unprivileged app to create draft SMS, combined with this
> trick, a bad app can send any SMS without privilege requirement.

I put together a Drozer module to leverage this flaw:

https://github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py

Note that this flaw can be used for SMS premium message (short code) delivery, but does not
bypass the Android 4.2 and later verification dialog box prior to delivery. Normal SMS message
delivery works fine without the SEND_SMS privilege.

-Josh
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/