Intent-based communication support is very convenient for interoperability on Android, but exposes apps to potential spoofing attacks.
On HTML.it we talked extensively about Android in our guide, and we explained how this mobile operating system allows the components an application is made of to communicate and interact with each other through various techniques. One of the most common types of communication within an Android app is the one that happens through Intents. These exchanges of data, however, if not properly managed and constrained, can cause security holes in the applications themselves. In this article we will look at what Intent Spoofing is, and what damage it can do to an Android app.
Intent Spoofing: definition and basics
Readers familiar with computer security will certainly know the term spoofing, but as a brief reminder: spoofing is a type of cyber attack that consists of manipulating data in order to falsify an identity and, in a more generic sense, to falsify application information.
To explain what Intent Spoofing, a particular type of spoofing attack, consists of, we must first list the main components with which an Android application can be built. We have already talked about this in a dedicated lesson of the guide to Android, but we quickly recap them here:
- Activities: represent an application screen, and contain the graphic elements that allow the user to interact with it
- Services: components that run in the background and are used to carry out operations that need to last for a long time
- Broadcast receivers: components that you register in order to receive notifications of particular events
Each of the components listed above can communicate through the use of Intents. By default, all components can receive Intents only from components belonging to the application itself, but not from external applications (although this possibility can be enabled through the AndroidManifest, using the attribute android:exported).
An Intent, in its most common sense, can therefore be defined as a request by one component for a feature that is implemented in another component. This mechanism is familiar to app users even if they may not be aware of it: every time an application asks permission to access a feature of the phone, such as using the camera, it is doing nothing other than taking advantage of an Intent.
Intents are essentially divided into two categories:
- Explicit Intents
- Implicit Intents
Explicit Intents explicitly indicate the component you want to call, using the Java class that represents it:
Intent i = new Intent(context, ActivityB.class);
Implicit Intents, by contrast, indicate only the action you want to perform, and it is the Android framework that offers the user the different possibilities:
Intent i = new Intent(action, uri);
Intents can be exploited to carry out two types of attack: Intent interception and Intent spoofing:
- Intent interception is a type of attack that consists in receiving an Intent that had not been requested, with the consequent loss of sensitive information but, more importantly, with the activation of a component that was not wanted, and that can be potentially harmful to the user
- Intent spoofing is instead the attack we will talk about, and induces unwanted behaviors through the execution of an Intent manipulated ad hoc.
A typical scenario that represents an Intent spoofing attack is shown in the following figure:
In this scenario we have two main entities: a normal app, the Messenger App, and a second, malicious app, the Malicious App. Messenger App sends, through an Intent, information from the Message Composer Activity (which we can assume is used to compose a text message) to the Message Sender Activity (which we can assume takes care of sending that message).
A malicious application could perform an Intent spoofing attack by registering as an Activity capable of receiving a type of Intent, in order to modify its content with malicious parameters or data.
To check their applications for possible flaws, developers can use a utility provided by the Android framework called am (which stands for Activity Manager). This utility allows you to create and send Intents to the Activities of the apps installed on your Android emulator. To run the utility, first access the Android emulator console using the command:
With the am command you can create Intents and assign data to them, then send them to the Activities chosen by the attacker. For example, the following command creates an Intent to be sent to the Activity A, containing a string and an integer as parameters.
am start \
  -a android.intent.action.SENDTO \
  --es com.test.android.app.Telefono 329111 \
  --ei com.test.android.app.Civico 10 \
  -n com.test.android.app/.activity.Activity_A
It is immediately clear that, if our applications are not properly designed, anyone able to create Intents could interact with our Activities and trigger unexpected or otherwise harmful behavior.
Protecting yourself from Intent Spoofing
Here are some simple tips for designing applications that resist Intent Spoofing:
- avoid the use of implicit Intents, opting instead for explicit ones
- in the AndroidManifest, set the value of android:exported for each component: this will eliminate the risk that Intents not explicitly requested can interact with our app
- if it is necessary to accept Intents from external applications, the data they carry must be carefully checked through appropriate controls in code
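One way to apply the last tip to the Activity_A targeted by the am command above, as an added example that is not code from the original article. The extra keys and the component name come from that command; the length and range limits and the use of setTitle are assumptions made for illustration.

```java
package com.test.android.app.activity;

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import java.util.regex.Pattern;

// Added example: Activity_A treats every incoming Intent as untrusted input.
public class Activity_A extends Activity {
    // Extra keys as used in the am command from the article.
    static final String EXTRA_TELEFONO = "com.test.android.app.Telefono";
    static final String EXTRA_CIVICO = "com.test.android.app.Civico";
    // Assumed policy (not from the article): 3-15 digits, house number 1-9999.
    private static final Pattern PHONE = Pattern.compile("[0-9]{3,15}");
    private static final int CIVICO_MIN = 1, CIVICO_MAX = 9999;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent in = getIntent();
        if (!isAcceptable(in)) {
            finish(); // reject: never act on or display unvalidated extras
            return;
        }
        // Safe to read now: presence, type and range were checked above.
        String telefono = in.getStringExtra(EXTRA_TELEFONO);
        int civico = in.getIntExtra(EXTRA_CIVICO, CIVICO_MIN);
        setTitle(telefono + " / " + civico); // placeholder use of the values
    }

    static boolean isAcceptable(Intent in) {
        if (in == null || !Intent.ACTION_SENDTO.equals(in.getAction())) return false;
        try {
            Bundle extras = in.getExtras();
            if (extras == null) return false;
            // A sender can store any type under these keys, so check the type first.
            Object t = extras.get(EXTRA_TELEFONO);
            Object c = extras.get(EXTRA_CIVICO);
            if (!(t instanceof String) || !(c instanceof Integer)) return false;
            int civico = (Integer) c;
            return PHONE.matcher((String) t).matches()
                    && civico >= CIVICO_MIN && civico <= CIVICO_MAX;
        } catch (RuntimeException e) {
            // Reading extras from a malformed Bundle can throw; treat it as invalid.
            return false;
        }
    }
}
```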