Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability
2024-6-17 20:17:3 Author: www.mobile-hacker.com(查看原文) 阅读量:20 收藏

Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability

Loading

With physical access to Android device with enabled ADB debugging running Android 12 or 13 before receiving March 2024 security patch, it is possible to access internal data of any user installed app by misusing CVE-2024-0044 vulnerability.

Figure 1. Vulnerability details

Internal data of apps contain sensitive information that app works with and are not meant to be shared with other apps. These data are stored either in XML files (shared preferences) or mainly in databases. If such data are not encrypted, then by exploiting this vulnerability, it is possible to exfiltrate them from device and access them.

Using my unpatched Android 13, I was able to dump from Google Messages and Phone by Google apps unencrypted SMS messages and contact list.

Figure 2. Readable contact name and SMS body exfiltrated from Google Messages app
Figure 3. Phone number and contact name exfiltrated from Phone by Google app

From third party apps, I extracted messages and contacts from WhatsApp app, as demonstrated in the video below.

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability https://t.co/OdzIL17kbS pic.twitter.com/uJf8Kr4XdA

— Mobile Hacker (@androidmalware2) June 17, 2024

This vulnerability can be exploited even by non rooted Android smartphone with ADB tools installed, see Figure 4. If you are interested, I have created a short video tutorial on how to install ADB and fastboot in Termux app without root.

Figure 4. Exploiting CVE-2024-0044 using Android smartphone

Details

This vulnerability was discovered and reported by Meta Red Team X. Further exploitation details and prove of concept were summarized and shared by Tinyhack.com.

Conclusion

This vulnerability can be exploit only against unpatched devices with enabled ADB debugging which means that this wouldn’t be very useful to threat actors. However, this exploit could be useful to Android forensic analyst.


文章来源: https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitive-user-data-from-apps-on-android-12-and-13-using-cve-2024-0044-vulnerability/
如有侵权请联系:admin#unsafe.sh