An Android mobile phone can be captured by any application and its solution without the need of root

Source: Internet
Author: User

An Android mobile phone can be captured by any application and its solution without the need of root

Some Android applications have screenshot functions. However, the screenshot function requires the root permission. These applications cannot take screenshots of the system without the root permission.
However, the vulnerability on the Huawei P6 allows applications on the P6 mobile phone to take screenshots of the system without the root permission.
Screenshots may expose important user privacy, including the keys used to input passwords.

1. After connecting to the Huawei P6 mobile phone through the adb shell command, you can directly use the screencap command to screenshot the system. For example:

Shell @ hwp6-u06:/$ screencap-p/sdcard/screen1.png

2. You can also use screenshot to take screenshots.

Shell @ hwp6-u06:/$ screenshot/sdcard/screen2.png

3. Any app on the mobile phone can complete screenshots by calling the above command or implementing the screenshot logic.

For example, the "No Root Screenshot It" application can directly take screenshots on P6 without the need for a root phone.

However, on other mobile phones, screenshots can only be taken after root and root permissions are obtained.

1. Screen captured through screencap
 





2. Screen captured through screenshot
 





3. Screen captured by a third-party application "No Root Screenshot It"
 





4. P6 versions with Vulnerabilities
 


 


 

Solution:

Principle: Whether implemented by using the screencap or screenshot command, or by a third-party application, screenshots are ultimately directed to the fb0 node under/dev/graphics.

Huawei P6 has no strict control over access to this node. Any uid can be accessed.

shell@hwp6-u06:/ $ ls -l /dev/graphics/                                        crwxrwxrwx root     graphics  29,   0 2014-08-18 12:29 fb0crw-rw---- root     graphics  29,   1 2014-08-18 12:29 fb1crwxrwxrwx root     graphics 199,   0 2014-08-18 12:29 galcore


Other mobile phones, such as redmi 1, have strict control over access to f0. Normal applications cannot access fb0.

shell@HM2013022:/ $ ls -l /dev/graphics/crw-rw---- system   graphics  29,   0 2014-08-16 08:34 fb0

Suggestion: We recommend that you modify the default permission configuration of/dev/graphics/fb0 by Huawei. Prevents direct access to common applications.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.