Dark Mode

Settings

Capec-499 Detail

Android Intent Intercept

Standard Software

Parents: 117

Children: 501

Description

An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a variety of different objectives including denial of service, information disclosure, and data injection. An implicit intent sent from a trusted application can be received by any application that has declared an appropriate intent filter. If the intent is not protected by a permission that the malicious application lacks, then the attacker can gain access to the data contained within the intent. Further, the intent can be either blocked from reaching the intended destination, or modified and potentially forwarded along.

Not present

External ID Source Link Description
CAPEC-499 capec https://capec.mitre.org/data/definitions/499.html
CWE-925 cwe http://cwe.mitre.org/data/definitions/925.html
REF-427 reference_from_CAPEC https://people.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner, Analyzing Inter-Application Communication in Android, 2011, International Conference on Mobile Systems, Applications, and Services (MobiSys)
Explore

  1. Find an android application that uses implicit intents: Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents. They must also determine what the contents of the intents being sent are such that a malicious application can get sent these intents.

Experiment

  1. Create a malicious app: The adversary must create a malicious android app meant to intercept implicit intents from a target application

    2. Techniques
    Specify the type of intent wished to be intercepted in the malicious app's manifest file using an intent filter

  2. Get user to download malicious app: The adversary must get a user using the targeted app to download the malicious app by any means necessary

Exploit

  1. Intercept Implicit Intents: Once the malicious app is downloaded, the android device will forward any implicit intents from the target application to the malicious application, allowing the adversary to gaina access to the contents of the intent. The adversary can proceed with any attack using the contents of the intent.

    2. Techniques
    Block the intent from reaching the desired location, causing a denial of service
    Gather sensitive information from the intercepted intent
    Modify the contents of the intent and forward along to another application
  1. An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application is used to intercept implicit intents.

Not present

Not present

Integrity Availability Confidentiality
Modify Data Resource Consumption Read Data

Not present

We use cookies to ensure you get the best experience on our website.