Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Created by:
Scan name:
3/27/2015 4:38:15 AM
Operating system:
Android
Table of Contents
Executive Summary
Issue Types
Fix Recommendations
Security Risks
OWASP Top 10
Issues
Insecure File Permission ( 1 )
Backup Flag Enabled ( 1 )
Fix Recommendations
Do not create files with insecure permissions.
Set the 'android:allowBackup' attribute to false.
Coverage
Issue Types
Activities
3/27/2015
Executive Summary
Issue Types: 2
Number of Issues
Insecure File Permission
High
Medium
Low
Informational
Go to Table of Contents
Fix Recommendations: 2
Go to Table of Contents
Number of Issues
High
Medium
Low
Informational
Go to Table of Contents
Security Risks: 2
Number of Issues
An attacker (by the use of a malicious app) may: 1. Subvert the confidentiality
of the vulnerable app by reading the created file which may contain sensitive
information 2. Subvert the integrity of the vulnerable app by writing arbitrary
data to the file.
High
Medium
Low
Informational
Go to Table of Contents
3/27/2015
OWASP Top 10
Number of Issues
M1: Weak Server Side Controls
3/27/2015
Issues
Issue 1 of 1
Go to Table of Contents
Medium
Synopsis: Android app are separate by each other by the use of sandboxing. The sandbox is implemented by multiple
facilities, one of them is by running each package with a different Linux user id (UID) which means that files
created by one app cannot be accessed by another, unless it is set so explicitly. This test detects if files are
created with world-readable or writable rights which allows a malicious app to subvert the confidentiality
and/or integrity of the vulnerable app.
Risk:
An attacker (by the use of a malicious app) may: 1. Subvert the confidentiality of the vulnerable app by
reading the created file which may contain sensitive information 2. Subvert the integrity of the vulnerable app
by writing arbitrary data to the file.
Causes:
X-Force:
93409
OWASP:
M2
Fix:
Payload
Intent Package: com.teamviewer.teamviewer.market.mobile
Intent Class:
com.teamviewer.remotecontrollib.gui.optionsactivities.ShowConnectionLogActivity
Method Signature:
android.os.FileUtils.setPermissions(java.lang.String, int, int, int):int
3/27/2015
/data/data/com.teamviewer.teamviewer.market.mobile/files/connection.txt
mode
436
Call Stack:
Function
Class
android.os.FileUtils.setPermissions(java.lang.Strin
g, int, int, int):int
FileUti (android\os\FileUtils.
ls
java:90)
...
android.content.ContextWrapper.openFileOutput(java.
lang.String, int):java.io.FileOutputStream
Context (android\content\Conte
Wrapper xtWrapper.java:185)
3/27/2015
Line
(...)
Issue 1 of 1
Go to Table of Contents
Low
Synopsis: The 'android:allowBackup' flag in the APK manifest file controls whether the App can be involved in ADB
backup and restore operations. Enabling this flag is dangerous as a malicious attacker will be able to access
application data using ADB backup mechanism or by extract it from previously created backup file.
Risk:
A malicious attacker can subvert the integrity and confidentiality of the vulnerable application by conducting a
ADB backup or ADB restore operations.
Causes:
The App's APK set allowBackup flag to 'true' or not set it at all (The default value of this setting is true).
X-Force:
None
OWASP:
M8
Fix:
Manifest:
XML:
<?xml version="1.0" encoding="utf-8"?>
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
android:versionCode="2938"
android:versionName="10.0.2938"
android:installLocation="0"
package="com.teamviewer.teamviewer.market.mobile"
>
<uses-sdk
android:minSdkVersion="14"
android:targetSdkVersion="18"
>
</uses-sdk>
<uses-feature
android:name="android.hardware.touchscreen.multitouch"
android:required="true"
>
</uses-feature>
<uses-feature
android:glEsVersion="0x00020000"
android:required="true"
>
</uses-feature>
<uses-permission
android:name="android.permission.INTERNET"
>
</uses-permission>
<uses-permission
android:name="android.permission.WAKE_LOCK"
>
</uses-permission>
3/27/2015
<uses-permission
android:name="android.permission.ACCESS_NETWORK_STATE"
>
</uses-permission>
<uses-permission
android:name="android.permission.ACCESS_WIFI_STATE"
>
</uses-permission>
<uses-permission
android:name="android.permission.READ_PHONE_STATE"
>
</uses-permission>
<uses-permission
android:name="android.permission.WRITE_EXTERNAL_STORAGE"
>
</uses-permission>
<uses-permission
android:name="android.permission.READ_EXTERNAL_STORAGE"
>
</uses-permission>
<application
android:label="@7F0D00A2"
android:icon="@7F020058"
android:name="com.teamviewer.commonresourcelib.application.TVApplication"
android:hardwareAccelerated="true"
android:largeHeap="true"
>
<activity
android:theme="@7F0E000B"
android:name="com.teamviewer.remotecontrollib.activity.MainActivity"
android:launchMode="1"
android:configChanges="0x00000020"
android:windowSoftInputMode="0x00000022"
>
<intent-filter
>
<action
android:name="android.intent.action.MAIN"
>
</action>
<category
android:name="android.intent.category.LAUNCHER"
>
</category>
</intent-filter>
</activity>
<activity
android:theme="@android:01030010"
android:name="com.teamviewer.remotecontrollib.activity.ConnectInterfaceActivity"
android:launchMode="0"
>
<intent-filter
>
<action
android:name="android.intent.action.VIEW"
>
</action>
<data
android:scheme="teamviewer8"
android:host="remotecontrol"
>
</data>
<category
android:name="android.intent.category.BROWSABLE"
>
</category>
<category
android:name="android.intent.category.DEFAULT"
>
</category>
</intent-filter>
<intent-filter
>
<action
android:name="android.intent.action.VIEW"
>
</action>
<data
android:scheme="tvcontrol1"
android:host="control"
3/27/2015
>
</data>
<category
android:name="android.intent.category.BROWSABLE"
>
</category>
<category
android:name="android.intent.category.DEFAULT"
>
</category>
</intent-filter>
<intent-filter
>
<action
android:name="android.intent.action.VIEW"
>
</action>
<category
android:name="android.intent.category.DEFAULT"
>
</category>
<category
android:name="android.intent.category.BROWSABLE"
>
</category>
<data
android:scheme="file"
>
</data>
<data
android:mimeType="*/*"
>
</data>
<data
android:pathPattern=".*\.tvc"
>
</data>
<data
android:host="*"
>
</data>
</intent-filter>
</activity>
<activity
android:theme="@7F0E000B"
android:name="o.
"
android:launchMode="1"
android:configChanges="0x000004F0"
android:windowSoftInputMode="0x00000012"
>
</activity>
<activity
android:theme="@7F0E0013"
android:name="com.teamviewer.remotecontrollib.activity.ShowHelpActivity"
android:launchMode="1"
android:configChanges="0x00000020"
>
</activity>
<activity
android:theme="@7F0E000B"
android:name="o.
"
android:launchMode="1"
android:configChanges="0x00000020"
>
</activity>
<activity
android:theme="@7F0E000B"
android:name="o.
"
android:launchMode="1"
android:configChanges="0x00000020"
>
</activity>
<activity
android:theme="@android:01030010"
android:name="com.teamviewer.remotecontrollib.activity.TutorialActivity"
android:launchMode="1"
android:configChanges="0x00000020"
>
3/27/2015
</activity>
<activity
android:theme="@7F0E000B"
android:name="com.teamviewer.commonresourcelib.activity.VersionInfoActivity"
android:launchMode="1"
>
</activity>
<activity
android:theme="@7F0E000B"
android:name="com.teamviewer.remotecontrollib.gui.optionsactivities.ShowConnectionLogActivit
y"
android:launchMode="1"
android:configChanges="0x000004A0"
>
</activity>
<activity
android:theme="@7F0E000B"
android:name="com.teamviewer.commonresourcelib.activity.ShowEventLogActivity"
android:launchMode="1"
android:configChanges="0x000004A0"
>
</activity>
</application>
</manifest>
3/27/2015
Fix Recommendations
General
Never create files with world-readable or world-writable permissions.
Use MODE_PRIVATE instead of MODE_WORLD_READABLE/MODE_WORLD_WRITABLE when calling APIs such as
Context.openFileOutput(name, mode).
For example, instead of using the following vulnerable code which creates a world-readable file:
openFileOutput("some_file.txt", MODE_WORLD_READABLE)
Use MODE_PRIVATE which only allows read access to the application package:
openFileOutput("some_file.txt", MODE_PRIVATE)
For more information, read http://developer.android.com/reference/android/content/Context.html#MODE_PRIVATE
General
Set the 'android:allowBackup' attribute from the Application tag in the Android Manifest file (AndroidManifest.xml) to "false".
For example:
<application android:allowBackup="false">
...
</application>
See http://developer.android.com/guide/topics/manifest/application-element.html#allowbackup for more details
3/27/2015
10
Coverage
Issue Types: 24
Go to Table of Contents
Activities: 10
Go to Table of Contents
com.teamviewer.remotecontrollib.gui.optionsactivities.ShowConnectionLogActivity
o.
3/27/2015
11
com.teamviewer.remotecontrollib.activity.ConnectInterfaceActivity
com.teamviewer.commonresourcelib.activity.VersionInfoActivity
com.teamviewer.remotecontrollib.activity.MainActivity
o.
o.
com.teamviewer.commonresourcelib.activity.ShowEventLogActivity
com.teamviewer.remotecontrollib.activity.TutorialActivity
com.teamviewer.remotecontrollib.activity.ShowHelpActivity
3/27/2015
12