ID CVE-2018-6599
Summary An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls.
Vulnerable Configurations
  • cpe:2.3:o:orbic:wonder_rc555l_firmware:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:orbic:wonder_rc555l_firmware:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:h:orbic:wonder_rc555l:-:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 29-10-2018 - 19:07)
Impact:
Exploitability:
CWE CWE-532
CAPEC
  • Fuzzing and observing application log data/errors for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages, but by attempting a large number of message variants they may find a variant that triggers desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.
Access
Vector Complexity Authentication
LOCAL LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
misc https://www.kryptowire.com/portal/android-firmware-defcon-2018/
Last major update 29-10-2018 - 19:07
Published 29-08-2018 - 19:29
Last modified 29-10-2018 - 19:07