owasp-seraphimdroid
Application lock bypass
I have been using Seraphimdroid for a while. And I also went through the code. Listed below are some of the bugs I have been able to find.
Issue 1:
Test devices:
- Micromax Canvas Knight A350 (KitKat 4.4.4)
- Micromax YU Yureka Plus (Lollipop 5.1)
- Motorola Moto G (Lollipop 5.0.1)
- Motorola Moto G2 (Marshmallow 6.0)
Procedure:
- Use the app locker to lock any installed app. (I have used OS Monitor.)
- Reboot the device.
- As soon as the device boots, open any locked application (before the 'android.intent.action.BOOT_COMPLETED' toast message pops up).
When the device is rebooted, the application (Seraphimdroid) waits for the BOOT_COMPLETED intent to be received. Only on receiving this intent does the application actually become active.
But the device (generally) becomes operational even before the 'BOOT_COMPLETED' intent is received. So, within that span of time, one can easily open any application that has been locked by Seraphimdroid without authenticating with the passcode.
Also, even after the intent is received, the locked application that was opened beforehand is still accessible without any authentication.
Another scenario with the same issue is that the Seraphimdroid application itself can be uninstalled without having to provide the password.
Mitigation:
One of the best ways to tackle this issue would be to mandatorily (or by default) have Seraphimdroid registered as a Device Administrator. By doing so, the application can't be uninstalled. But the locked applications can still be accessed.
The issue is caused because the application relies upon receiving the 'BOOT_COMPLETED' intent for initiating the main activity. Would there be issues if the application is started before the BOOT_COMPLETED intent is received?
Issue 2:
Test device: Motorola Moto G 2nd Generation
Android version: 6.0 (Marshmallow)
Procedure:
- Use the app locker to lock any installed app.
- Open the locked application.
- The password will be asked. But don't type in the passcode. Just switch to the recents tab.
- The locked application and the Seraphimdroid app can be seen separately. From here, Seraphimdroid can be removed and the locked application opens and becomes operational (even though the application keeps popping up, it can be cleared again from the recents tab).
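An added example, not part of the original report and not Seraphimdroid's code: one way a lock service could close the second half of Issue 1, where an app opened before BOOT_COMPLETED stays unlocked, is to check on start-up which package is already in the foreground and lock it. The class name, the `SHOW_LOCK` action and the extra name are hypothetical; it assumes Android 5.1 or later with usage access (`PACKAGE_USAGE_STATS`) granted, so it does not cover the KitKat device listed above.

```java
// Added example; not Seraphimdroid code. Names below are hypothetical.
import android.app.usage.UsageEvents;
import android.app.usage.UsageStatsManager;
import android.content.Context;
import android.content.Intent;
import android.os.SystemClock;
import java.util.Set;

public final class BootLockReconciler {
    // Hypothetical action handled by the app's own lock-screen activity.
    static final String ACTION_SHOW_LOCK = "com.example.applock.SHOW_LOCK";

    private BootLockReconciler() {}

    /** Package most recently moved to the foreground since boot, or null if unknown. */
    static String foregroundSinceBoot(Context ctx) {
        UsageStatsManager usm =
                (UsageStatsManager) ctx.getSystemService(Context.USAGE_STATS_SERVICE);
        if (usm == null) return null;
        long now = System.currentTimeMillis();
        long bootTime = now - SystemClock.elapsedRealtime(); // wall-clock time of boot
        UsageEvents events = usm.queryEvents(bootTime, now);
        if (events == null) return null;
        UsageEvents.Event ev = new UsageEvents.Event();
        String foreground = null;
        while (events.hasNextEvent()) {
            events.getNextEvent(ev);
            if (ev.getEventType() == UsageEvents.Event.MOVE_TO_FOREGROUND) {
                foreground = ev.getPackageName(); // keep the latest one
            }
        }
        return foreground;
    }

    /** Call once when the lock service starts, e.g. from the BOOT_COMPLETED receiver. */
    public static boolean reconcile(Context ctx, Set<String> lockedPackages) {
        String fg = foregroundSinceBoot(ctx);
        if (fg == null || !lockedPackages.contains(fg)) return false;
        Intent lock = new Intent(ACTION_SHOW_LOCK)
                .setPackage(ctx.getPackageName())      // deliver only to this app
                .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
                .putExtra("locked_package", fg);        // hypothetical extra name
        ctx.startActivity(lock);
        return true;
    }
}
```

This narrows the window but does not remove it: the locked app is still usable until the service starts, which is the open question raised in the report.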
I'd like to work on this issue. However I am facing trouble in opening the project in Android Studio. Which build.gradle file is to be used ? Any help would be appreciated.
I believe there is only one settings.gradle file. Seraphimdroid/build.gradle. Hope that solves your query.
So I did Open Existing Project -> Selected Seraphimdroid/build.gradle. It finished building and then I got this error. I also tried "Import Existing Project" but still got the same error.
@nikolamilosevic86 I pulled the latest changes and am now facing the same issue @arpitgogia has described. I believe the previous commit pushed (pull request #31) has an inconsistent directory structure.
@thewayofknowing I have seen that there have been some changes in gitignore. Do you have time to investigate and try to fix it?
@nikolamilosevic86 Yes sir, I'll look into it. @arpitgogia You should still be able to compile and run the code, even with the error that you showed (it's probably a warning of some kind, not sure). I've tried it on my system already, so please give it a try.
Yeah, it compiled successfully. Thanks :). It does show it as an error in the IDE. Weird. Does a new issue need to be created specifically for this ?
I hope not. Especially if it works and can be fixed soon.
Best regards,
Nikola Milošević
On 11 March 2016 at 15:07, Arpit Gogia wrote:
Yeah, it compiled successfully. Thanks :). It does show it as an error in the IDE. Weird. Does a new issue need to be created specifically for this ?