Fetion (Feixin) Android client: remote code execution allows remote reading of any user's system address book and chat information (an earlier Android version is required)

Source: Internet
Author: User

Feixin (Fetion) is a comprehensive communication service of China Mobile. It integrates voice (IVR), GPRS, SMS, and other communication methods, and covers customer communication requirements in three different forms (completely real-time voice service, quasi-real-time text and small data volume communication service, and non-real-time communication service), implementing seamless communication between the Internet, the mobile Internet, and the mobile network. Currently, the number of users reaches 10 million.

Decompilation shows that the addJavascriptInterface() method of multiple WebViews has not been removed in the latest Android version (v5.1.1), and targetSdk = 11. Therefore, the WebView remote code execution vulnerability exists. For detailed analysis, see: login/

Example 1 of the vulnerable code:

    // Decompiled from cn.com.fetion.activity. (the class name is cut off on the page)
    private void setWebViewSettings() {
        this.mWebView.getSettings().setCacheMode(2);
        // JavaScript is enabled for every page the WebView loads.
        this.mWebView.getSettings().setJavaScriptEnabled(true);
        this.mWebView.getSettings().setSupportZoom(true);
        this.mWebView.getSettings().setBuiltInZoomControls(true);
        this.mWebView.getSettings().setJavaScriptCanOpenWindowsAutomatically(true);
        // file:// access is allowed from inside the WebView.
        this.mWebView.getSettings().setAllowFileAccess(true);
        this.mWebView.getSettings().setPluginState(WebSettings.PluginState.ON);
        this.mWebView.getSettings().setBlockNetworkImage(false);
        this.mWebView.getSettings().setUseWideViewPort(true);
        this.mWebView.getSettings().setLoadWithOverviewMode(true);
        this.mWebView.getSettings().setAppCacheEnabled(false);
        this.mWebView.setInitialScale(100);
        this.mWebView.getSettings().setDomStorageEnabled(true);
        // The vulnerable call: a Java object is exposed to page script as "local_method".
        this.mWebView.addJavascriptInterface(new InJavaScriptInterface(this), "local_method");
        this.chromeClient = new FetionChromeClient() {
            public void onReachedMaxAppCacheSize(long arg2, long arg4, WebStorage.QuotaUpdater arg6) {
                super.onReachedMaxAppCacheSize(arg2, arg4, arg6);
            }
        };
        // (the excerpt on the page ends here)
    }

At the same time, the Fetion app reads the system address book and saves the address book and chat information in plaintext in the app's private local directory (/data/cn.com.fetion/databases/fetion.db).
 

 



By combining the two, sending a single link is enough to remotely attack any user of the app (the Android version must be earlier than 4.2) and obtain the user's address book, chat information, and other private information.

Method:

1. Send any message containing this link (http://www.droidsec.cn/fetionpoc.html)

2. When a user receives the message and opens this link in the app, the address book and all chat information can be obtained remotely.

The following is the address book information.
 


The following is a chat record
 

 

Solution:

Remove the vulnerable interface mentioned above, and encrypt user data before storing it.
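
A hardened counterpart of setWebViewSettings() covering the WebView half of the solution, as an added example that is not the app's own code. It assumes the app is rebuilt with targetSdkVersion 17 or higher; HardenedWebViewSetup, SafeBridge, clientVersion() and TRUSTED_HOST are hypothetical names with placeholder values.

```java
import android.net.Uri;
import android.os.Build;
import android.webkit.JavascriptInterface;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

/** Added example; all names here are hypothetical, not taken from the app. */
public final class HardenedWebViewSetup {
    // Assumption: the only host whose pages may use the bridge (placeholder value).
    private static final String TRUSTED_HOST = "trusted.example.invalid";

    /** Hypothetical bridge exposing one narrow, explicitly annotated method. */
    static final class SafeBridge {
        @JavascriptInterface
        public String clientVersion() { return "placeholder"; }
    }

    public static void apply(WebView webView) {
        WebSettings s = webView.getSettings();
        s.setJavaScriptEnabled(true);
        s.setJavaScriptCanOpenWindowsAutomatically(false);
        // Page content must not be able to read file:// URLs such as the app's databases.
        s.setAllowFileAccess(false);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
            s.setAllowFileAccessFromFileURLs(false);
            s.setAllowUniversalAccessFromFileURLs(false);
        }
        // Remove the bridge that the platform WebView registers by itself on old releases.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.HONEYCOMB) {
            webView.removeJavascriptInterface("searchBoxJavaBridge_");
        }
        // Below API 17 every public method of an injected object, inherited ones included,
        // is callable from page script, so no bridge is registered on those devices.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
            webView.addJavascriptInterface(new SafeBridge(), "local_method");
        }
        // Navigations to anything but the trusted HTTPS host are not loaded in this WebView.
        // The caller must apply the same check before its own loadUrl() calls.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, String url) {
                Uri u = Uri.parse(url);
                boolean trusted = "https".equals(u.getScheme()) && TRUSTED_HOST.equals(u.getHost());
                return !trusted; // true tells the WebView not to load the URL
            }
        });
    }
}
```

Links received in chat messages should be opened in the system browser rather than in a WebView that carries a bridge. Encrypting fetion.db is a separate change that this sketch does not cover.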
