Join Our Community!Join Our WhiteHat Group On facebook & Stay Updated.

Remote code execution threat via MITM attack

Remote code execution threat via MITM attack
Remote code execution threat via MITM attack

If you utilize an application called eVestigator, charged as checking Android telephones for security bargains, delete it. That is the word from somebody marking their name as MaXe from InterN0T, who taken a gander at what the Android application really does.

 

The application asserted to test Android handsets to check whether they’ve been contaminated with malware. Be that as it may, MaXe discovered it ran an associate() filter over each accessible TCP port – every one of them 65,535 – on the telephone’s outside IP address, and afterward told the client there are a large number of “dangers” on their telephone.

 

The “report” catch in the program didn’t do anything much separated from sending the client’s outside IP deliver back to the engineer, “alongside different insights about the Android condition and client entered points of interest,” the admonitory peruses.

 

The application is likewise helpless against remote code execution through a man-in-the-center assault, the scientist asserted:


If an attacker performs a MITM attack against “api.ipify.org” by e.g. hijacking the domain name, DNS, IP prefix, or by serving a malicious wireless access point (or hijacking a legitimate one), or by hacking the server at “api.ipify.org”, then the attacker can instruct the Android application to execute attacker controlled Java code that the phone will execute in the context of the application.

The root cause of this vulnerability is caused by  () within the WebViewer, which in older API versions can be used to execute arbitrary Java code by using reflection to access public methods with attacker provided JavaScript.


MaXe says the application’s producer was informed on June 25, and reacted with a lawful risk. The merchant additionally pulled the application from Google Play, and attempted to get YouTube to expel a video showing issues with the product, before MaXe proceeded with distribution.

 

Originally written by Richard Chirgwin

Comments

comments