W-SE (Web - SEcurity)

Android App Hacking Demonstrated by Researcher Through Intent

by Melina Richardson
June 13, 2020
in Android, Security

A security researcher was able to compromise an Android application by invoking each of its exposed Activity components.

The problem, explains Therese Mendoza of Trustwave, is not widespread, but it does exist and it could be exploited by attackers to cause Android apps to leak sensitive information that could then be misused for further compromise.

Activities, one of the three primary components of Android apps, are called using Intents, which are messaging objects that apps use to communicate with their different components (such as Activities, Services, or Broadcast Receivers).

An AndroidManifest.xml file typically also declares Intent Filters. Intents, Mendoza says, are either Explicit (usually used to start a component within the application itself) or Implicit (they declare a general action to be performed, which could be carried out by a component from another app).

Every Android application has an AndroidManifest.xml file, and from this file one can learn detailed information about the app, including declared Intents.

While auditing an internal messaging framework explicitly designed for communication within a business, the security researcher found a series of exported activities in use. Such exported activities, Mendoza notes, are often abused for malicious activity, remote code execution and fake notifications, among other things.

The researcher was able to achieve authentication bypass by sending an Intent to each exposed Activity, using a root ADB shell connected to a computer on which the application was running.

In this particular case, the researcher was able to send an Intent to an Activity that serves as the authenticated user interface. This led to access to the “My Groups” chat panel without the need to provide credentials.

“Anyone can explore an Android app for unintended behavior by using the information contained in the AndroidManifest.xml over an adb shell. While the Authentication Bypass here is an extreme example of what kind of insecurities can be found, this technique has been used for years to identify and exploit vulnerabilities in the Android app,” Mendoza points out.

To reduce the attack surface, application developers can export only those components that need to be exposed to other applications, thereby reducing the number of activities exposed in the AndroidManifest.xml. Validating all data received in Intents would also improve protection, as would requiring permissions when transferring data from other applications.
