> Further, there are no permission checks inside the ServiceHandler that > handles the incoming Intent. That code is here: > https://github.com/android/platform_packages_apps_mms/blob/master/src/com/android/mms/transaction/SmsReceiverService.java Now might be a good time to fix the ability to call abortBroadcast() without a separate permission, too. We've already seen malware in the wild which swallows legitimate SMS messages (TigerBot).
https://groups.google.com/forum/?fromgroups=#!search/How$20to$20snif$20sms$20text$20on$20Android/android-security-discuss/TURchbIN_LE/8x69SeMF7eQJ On Tue, Nov 6, 2012 at 8:32 AM, Joman Chu <[email protected]> wrote: > Bah. Forgot that a reply doesn't go to the list. See below. > > ---------- Forwarded message ---------- > From: Joman Chu <[email protected]> > Date: Mon, Nov 5, 2012 at 6:46 PM > Subject: Re: [android-security-discuss] Recently discovered Smishing (sms > phishing) Vulnerability in Multiple Android Platforms (Gingerbread, ICS, > JellyBean) > To: "Hannes K." <[email protected]> > > Some proof of concept exploit code exists here > https://github.com/thomascannon/android-sms-spoof > > I haven't yet seen the official Google patch to fix the bug, so I > can't say for sure where the problem is. But I think the problem is > here: > https://github.com/android/platform_packages_apps_mms/blob/master/AndroidManifest.xml#L53 > > As you can see, SmsReceiverService is exported without any permission > checks specified in the AndroidManifest. > > Further, there are no permission checks inside the ServiceHandler that > handles the incoming Intent. That code is here: > https://github.com/android/platform_packages_apps_mms/blob/master/src/com/android/mms/transaction/SmsReceiverService.java > > > On Mon, Nov 5, 2012 at 6:18 PM, Hannes K. <[email protected]> > wrote: >> Regarding Prof. Xuxian Jiang's research >> >> there seems to be a security flaw which can be used for SMISHING and it >> affects a broad range of Android versions. >> >> I am curious what the source of this leak is and I am wondering if someone >> out there has a clue how they got it work. >> I am new to android-security and I don't want to build a malicous app!! >> (I just got thrown into an android security project at the Uni) >> >> I hope to get the ball rolling for a technical discussion. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
