CWE-925: Improper Verification of Intent by Broadcast Receiver

Description

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

Submission Date: June 24, 2013

Modification Date: June 29, 2023

Organization: MITRE

Extended Description

Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.

Example Vulnerable Codes

Example - 1

The following example demonstrates the weakness.

The manifest registers a receiver for the system shutdown broadcast:

    <manifest package="com.example.vulnerableApplication">
        <application>
            ...
            <receiver android:name=".ShutdownReceiver">
                <intent-filter>
                    <action android:name="android.intent.action.ACTION_SHUTDOWN" />
                </intent-filter>
            </receiver>
            ...
        </application>
    </manifest>

The ShutdownReceiver class will handle the intent:

    IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);
    BroadcastReceiver sReceiver = new ShutdownReceiver();
    registerReceiver(sReceiver, filter);
    ...
    public class ShutdownReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(final Context context, final Intent intent) {
            // intent.getAction() is never checked, so any Intent delivered to this
            // receiver (including an explicit one sent by another application)
            // runs the shutdown path.
            mainActivity.saveLocalData();
            mainActivity.stopActivity();
        }
    }

Because the method does not confirm that the intent action is the expected system intent, any received intent will trigger the shutdown procedure, as shown here:

window.location = examplescheme://method?parameter=value

An attacker can use this behavior to cause a denial of service.
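A hardened counterpart of the receiver above, written here as an added example rather than code from the CWE entry: onReceive() verifies the action string before acting, and the registration helper marks the receiver as not exported so other applications cannot address it explicitly. MainActivity, saveLocalData() and stopActivity() are assumed from the page's snippet; the androidx ContextCompat.registerReceiver() call is assumed to be available (androidx.core 1.9 or later).

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.util.Log;
import androidx.core.content.ContextCompat;

public class ShutdownReceiver extends BroadcastReceiver {
    private static final String TAG = "ShutdownReceiver";
    private final MainActivity mainActivity; // assumed: owns the data-saving logic

    public ShutdownReceiver(MainActivity mainActivity) {
        this.mainActivity = mainActivity;
    }

    // ACTION_SHUTDOWN is a protected broadcast that third-party applications are
    // not permitted to send, so a matching action string means the system sent it.
    // An explicit Intent from another app carries a different action (or none) and
    // is rejected here instead of triggering the shutdown path.
    static boolean isGenuineShutdown(Intent intent) {
        return intent != null && Intent.ACTION_SHUTDOWN.equals(intent.getAction());
    }

    @Override
    public void onReceive(final Context context, final Intent intent) {
        if (!isGenuineShutdown(intent)) {
            Log.w(TAG, "Ignoring intent with unexpected action: "
                    + (intent == null ? "null" : intent.getAction()));
            return;
        }
        mainActivity.saveLocalData();
        mainActivity.stopActivity();
    }

    // Defence in depth for dynamically registered receivers: RECEIVER_NOT_EXPORTED
    // keeps other applications from targeting this receiver at all, while system
    // broadcasts such as ACTION_SHUTDOWN are still delivered to it.
    static ShutdownReceiver register(Context context, MainActivity mainActivity) {
        ShutdownReceiver receiver = new ShutdownReceiver(mainActivity);
        IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);
        ContextCompat.registerReceiver(context, receiver, filter,
                ContextCompat.RECEIVER_NOT_EXPORTED);
        return receiver;
    }
}
```

The action check is the fix for this weakness on its own; the exported flag only narrows who can reach the receiver and does not replace the check for manifest-declared receivers.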

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of related items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.