AttackFlow Findings Dictionary

Insecure Service Exposure

Malicious applications can make use of exported services without having appropriate permissions.

Severity

High

Fix Cost

Low

Trust Level

Low

Components can be exported through the Android configuration file (AndroidManifest.xml). Exported components in an application can be activated or triggered by outside applications through implicit or explicit Intents and broadcasts.

A component is exported if either of the following is true:

  • The value of the android:exported attribute of the component definition in the configuration file (AndroidManifest.xml) is true
  • The component definition in the configuration file (AndroidManifest.xml) has Intent filters defined

Exported services pose a greater risk because they run in the background and other components can start or bind to them using Intents, through APIs such as:

                
startService(Intent i)
bindService(Intent i, ServiceConnection conn, int flags)
                
            

This lets the binding application easily invoke the methods that are declared in the target Service's interface.

A possibly vulnerable configuration definition for a service follows:

            
<manifest …>
<service android:name=".app.mysmssender" android:process=":remote" android:exported="true"/>
...
</manifest>
              
          

In the above configuration the service is exported but is not protected by any dangerous- or signature-level permission.

In this type of attack, as long as the vulnerable components are exported, malicious applications can use either implicit or explicit Intents to invoke the target service and possibly leak information from it.
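A static check for the two export conditions and the missing-permission case described above, as an added example that is not part of the original page or of AttackFlow. The sample manifest, the com.example.demo package and every name except .app.mysmssender are constructed; an explicit android:exported value takes precedence over the presence of Intent filters.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not taken from a real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <permission android:name="com.example.demo.SEND" android:protectionLevel="signature"/>
  <permission android:name="com.example.demo.WEAK"/>
  <application>
    <service android:name=".app.mysmssender" android:process=":remote" android:exported="true"/>
    <service android:name=".SyncService"><intent-filter><action android:name="com.example.demo.SYNC"/></intent-filter></service>
    <service android:name=".GuardedService" android:exported="true" android:permission="com.example.demo.SEND"/>
    <service android:name=".WeakService" android:exported="true" android:permission="com.example.demo.WEAK"/>
    <service android:name=".InternalService" android:exported="false"><intent-filter><action android:name="com.example.demo.INTERNAL"/></intent-filter></service>
  </application>
</manifest>"""


def is_exported(component):
    """Explicit android:exported wins; otherwise an Intent filter implies export."""
    explicit = component.get(ANDROID + "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    return component.find("intent-filter") is not None


def audit_services(manifest_xml):
    """Return {service name: finding} for exported services lacking strong protection."""
    root = ET.fromstring(manifest_xml)
    # Protection levels of permissions declared in this manifest (default is "normal").
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.findall("permission")}
    findings = {}
    for app in root.findall("application"):
        for svc in app.findall("service"):
            if not is_exported(svc):
                continue
            # A service without its own permission inherits the <application> one.
            perm = svc.get(ANDROID + "permission") or app.get(ANDROID + "permission")
            # level is None when the permission is declared outside this manifest,
            # in which case its strength cannot be judged here.
            name, level = svc.get(ANDROID + "name"), levels.get(perm)
            if perm is None:
                findings[name] = "exported without permission"
            elif level is not None and level.split("|")[0] not in ("signature", "dangerous"):
                findings[name] = "exported with weak permission " + perm
    return findings
```

Manifests inside compiled APKs are stored as binary XML and must be decoded to text before this check can read them.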
