LBE arbitrary number interception vulnerability and Solution

Source: Internet
Author: User


LBE exposes its blacklist, whitelist, and keyword interception databases to third-party programs through a ContentProvider without verifying the caller. As a result, the interception function can be abused.

1. AndroidManifest.xml explicitly exports the provider "com.lbe.security.phone" without adding any permission restrictions.

 

<provider android:authorities="com.lbe.security.phone" android:enabled="true" android:exported="true" android:name="com.lbe.security.service.phone.provider.TelephonyProvider" android:process=":service" />




2. The exported ContentProvider exposes the following URIs.

content://com.lbe.security.phone/blacklist (blocking blacklist management)

content://com.lbe.security.phone/whitelist (whitelist management)

content://com.lbe.security.phone/keyword (blocking keyword)

content://com.lbe.security.phone/marker (unknown number mark)

content://com.lbe.security.phone/baselist (basic data management, used to store rules)

content://com.lbe.security.phone/blocklog (blocking logs)

  Sms

  Mms

  Call

content://com.lbe.security.phone/ipwhitelist

content://com.lbe.security.phone/yellow_page_cache

content://com.lbe.security.phone/user_permit_number

3. When the LBE feature is enabled, third-party programs can manage and control the phone's calls and text messages through the URIs listed above.



Vulnerability threat

1. Through blacklist management, a third-party program can have calls or text messages intercepted without holding any permissions, and through the whitelist it can let any call or text message through, so the original interception function no longer plays a substantive role.

2. Existing payment Trojans need to listen to text messages to obtain the payment verification code. This requires the malicious code to hold SMS-related permissions, which makes it easy for active defense software to intercept. The LBE function, however, allows malicious code to obtain the payment verification code without any permissions.

3. SMS-controlled Trojans can likewise filter command text messages without any permissions, which gives them a relatively hidden control function.

 

1) Modify the blacklist database. apply_to is the interception type (SMS, phone number).

Figure 2: blacklist entry inserted successfully

2) Obtain the interception records and read the intercepted information. "lbe blacklist test" in Figure 3 is the content of the text message sent from the intercepted number.

Figure 3: obtaining interception records

3) Clear the interception logs to erase traces.

4) The contents of the other databases can be verified in the same way as the blacklist.

5) Because the database is stored in plaintext, the interception function is easily defeated if the device is already rooted.

Solution:

1. If the function does not need to be provided to third-party programs, do not export the provider.

2. Add caller verification for sensitive operations.

3. Apply fine-grained permission control to sensitive operations.
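
An added example, not part of the original article and not LBE's code: a Python check that flags providers in a decoded AndroidManifest.xml that are exported with no permission on read or write access, which is the condition described in item 1 at the top of the page. The sample manifest is constructed; the second provider and the permission name com.example.permission.MANAGE_RULES are hypothetical, and numeric SDK versions are assumed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest. The first provider repeats the declaration quoted
# in the article; the second is a hypothetical permission-gated provider.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <provider android:authorities="com.lbe.security.phone" android:enabled="true"
        android:exported="true"
        android:name="com.lbe.security.service.phone.provider.TelephonyProvider"
        android:process=":service" />
    <provider android:authorities="com.example.rules" android:exported="true"
        android:name="com.example.RulesProvider"
        android:permission="com.example.permission.MANAGE_RULES" />
  </application>
</manifest>"""


def is_exported(provider, target_sdk):
    """An explicit android:exported wins; without it, providers are exported
    by default only when targetSdkVersion is 16 or lower."""
    value = provider.get(A + "exported")
    if value is None:
        return target_sdk <= 16
    return value.strip().lower() == "true"


def unprotected_providers(manifest_xml):
    """Return [(authorities, [ungated access kinds])] for enabled, exported
    providers whose read and/or write access requires no permission."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    # targetSdkVersion falls back to minSdkVersion, which falls back to 1.
    target = int(attrs.get(A + "targetSdkVersion") or attrs.get(A + "minSdkVersion") or 1)
    findings = []
    for prov in root.iter("provider"):
        enabled = (prov.get(A + "enabled") or "true").strip().lower() != "false"
        if not (enabled and is_exported(prov, target)):
            continue
        base = prov.get(A + "permission")  # covers both read and write
        missing = [kind for kind in ("read", "write")
                   if not (prov.get(A + kind + "Permission") or base)]
        if missing:
            findings.append((prov.get(A + "authorities"), missing))
    return findings
```

A provider that passes this check is only as restricted as the permission it names: a permission declared with the normal protection level can be requested by any app, while the signature level limits callers to apps signed with the same key.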

 
