The vulnerability can also be triggered when the attacker is in position of MITM (Man In The Middle) as we can inject arbitrary JavaScriptĬode inside HTML page accessed over HTTP. ![]() Our vulnerability can be triggered via a mail (by clicking on a crafted link) or by browsing a malicious page in Chrome/stock browser. If the user chooses "yes",Īn arbitrary application is installed, if not we can relaunch the popup making the user thinks the "cancel" button is not working. The result is a popup showed by the vulnerable application asking the user if he wants to update or not. When launched with special attributes, we can fool the vulnerable application in thinking that an update is available. This application is present by default in the Samsung Galaxy S5 ROM (and many others) and is part of the Samsung KNOX security solution The vulnerable application is UniversalMDMApplication, its goal is to make the user enrollment easier for the enterprises. ![]() We quickly spotted a simple vulnerability and had a working exploit. So the release day of the Samsung Galaxy S5 we gave a look at the firmware to ![]() At Quarkslab, we like to play with Android devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |