Full Disclosure mailing list archives
Re: "Data-Clone" -- a new way to attack android apps
From: Jann Horn <jannhorn () googlemail com>
Date: Sun, 17 Mar 2013 19:18:30 +0100
On Sun, Mar 17, 2013 at 06:09:09PM +0800, IEhrepus wrote:
"Data-Clone" -- a new way to attack android apps Author: SuperHei () www knownsec com [Email:5up3rh3i#gmail.com] Release Date: 2013/03/16 References: http://www.80vul.com/android/data-clone.txt Chinese Version: http://blog.knownsec.com/2013/03/attack-your-android-apps-by-webview/ --[ I - Introduction This is a new way to attack android apps t,and i call it "Data-Clone Attack". it can bypass password authentication ,when user login the app and set "remember password"(some apps is define).
[...]
--[ III - How to exploit "How to get the contents of data" is key to the completion of the attack. some like this: 1. Already have super privileges under the root shell like the demo,u can bypass password authentication used "Data-Clone Attack". 2. apps install on SDcard the others have read permissions to obtain the app's data.
I'm pretty sure that this is wrong. Apps on the SD card are encrypted. The crypto is flawed, but not so flawed that this kind of attack would be possible. Also, apps on the device even need an exploit just to be able to read the encrypted data.
3. Cross-site scripting on android app + webview + xss(or webkit xcs vul) = "Data-Clone" On older version of android , android app's xss or webkit xcs vul can read the loacl file's contents : http://www.80vul.com/android/android-0days.txt So the app's webview have the file read permissions to the app's data. when a app user visit a URL link,the data will Be cloned。 --[ IV - Disclosure Timeline 2012/03/ - Found this 2012/12/10 - Report it to security () android com ......For a long time has passed...... 2013/03/16 - security () android com do not have any response (maybe,because Google was not andriod's biological mother) 2013/03/16 -Public Disclosure
Or maybe because it's not exactly interesting that you can read an app's data if you can execute code in its context?
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- "Data-Clone" -- a new way to attack android apps IEhrepus (Mar 17)
- Re: "Data-Clone" -- a new way to attack android apps Jann Horn (Mar 17)
- Re: "Data-Clone" -- a new way to attack android apps IEhrepus (Mar 17)
- Re: "Data-Clone" -- a new way to attack android apps IEhrepus (Mar 17)
- Re: "Data-Clone" -- a new way to attack android apps IEhrepus (Mar 17)
- Re: "Data-Clone" -- a new way to attack android apps Jann Horn (Mar 17)