
Authentication-Based Access Control Issues in Android Applications

  • Writer: Abhilasha
  • Jul 12, 2024
  • 2 min read

Overview: Authentication-based access control issues occur when an application improperly authenticates or authorizes users, allowing attackers to access protected resources or sensitive information.

Key Points:

  1. Authentication and Authorization:

  • Authentication: Confirms the identity of a user.

  • Authorization: Determines what an authenticated user is allowed to access.

  • Vulnerabilities arise when these mechanisms are not correctly implemented, leading to potential unauthorized access to sensitive information.

  2. Example Scenario in DIVA App:

  • The DIVA app has a challenge where accessing Twitter API credentials requires entering a PIN number after authentication.

  3. Challenge:

  • Bypass the authentication check to directly access the Twitter API credentials without entering the PIN.

Steps to Exploit:

  1. Analyze Source Code:

  • Decompile the APK file using jadx to inspect the source code.

  • Navigate to the AndroidManifest.xml file to find activity entries and permissions.

  • Identify the activity AccessControl2Activity which contains the button to view Twitter API credentials.

  • Note the activity APICreds2Activity which holds the sensitive information.

  2. Invoke Activity Directly:

  • Use the Android activity manager (am) to start the APICreds2Activity directly without using the app interface.

  • Example command: adb shell am start -a jakhar.aseem.diva.action.VIEW_CREDS2

  • This command fails because the activity is protected by the PIN check.

  3. Understand Source Code for Bypass:

  • Explore the source code of AccessControl2Activity.java.

  • Find the function public void viewAPICredentials(View view) which contains a boolean variable chk_pin controlling access.

  4. Identify PIN String:

  • The value of chk_pin is referenced in the strings.xml file.

  • Download the DIVA app source code from GitHub.

  • Navigate to app/src/main/res/values/strings.xml to find the entry: <string name="chk_pin">check_pin</string>

  5. Bypass PIN Check:

  • Use the Android activity manager to pass the correct intent with the required extra parameter: adb shell am start -a jakhar.aseem.diva.action.VIEW_CREDS2 --ez "check_pin" false

  • This command sets chk_pin to false and successfully opens the activity showing the sensitive Twitter API credentials without requiring authentication.
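
A defensive check for the manifest review in step 1, as an added example that is not part of the original post or the DIVA project: it lists activities that any other app (or adb) can start without holding a permission, which are the ones whose access checks must not depend on caller-supplied intent extras. The manifest is a constructed sample modelled on the names quoted above; HardenedActivity and example.action.INTERNAL are hypothetical, and the implicit-export rule shown applies to apps targeting below API 31.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample modelled on the activity names and action quoted above;
# it is not a copy of the real DIVA manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="jakhar.aseem.diva">
  <application android:label="Diva">
    <activity android:name=".AccessControl2Activity"/>
    <activity android:name=".APICreds2Activity">
      <intent-filter>
        <action android:name="jakhar.aseem.diva.action.VIEW_CREDS2"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
    <activity android:name=".HardenedActivity" android:exported="false">
      <intent-filter>
        <action android:name="example.action.INTERNAL"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def find_unprotected_activities(manifest_xml):
    """Return [(activity, [actions])] for activities that other apps can
    start without holding any permission."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    app_permission = app.get(ANDROID + "permission")
    findings = []
    for act in app.iter("activity"):
        actions = [a.get(ANDROID + "name")
                   for a in act.findall("intent-filter/action")]
        exported = act.get(ANDROID + "exported")
        # With no explicit attribute, an intent filter made the component
        # exported for apps targeting below API 31.
        is_exported = exported == "true" if exported is not None else bool(actions)
        # A component without its own permission inherits the application's.
        permission = act.get(ANDROID + "permission") or app_permission
        if is_exported and not permission:
            findings.append((act.get(ANDROID + "name"), actions))
    return findings


if __name__ == "__main__":
    for name, actions in find_unprotected_activities(SAMPLE_MANIFEST):
        print(f"{name}: startable by any app via {actions or 'explicit intent'}")
```

Each activity it reports should either be marked android:exported="false", be guarded by a permission, or perform its own authorization check instead of trusting values in the incoming intent.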

Summary:

  • Authentication-based access control issues can lead to unauthorized access to sensitive information.

  • Proper implementation of authentication and authorization is crucial to prevent such vulnerabilities.

  • In the DIVA app, using the activity manager to pass specific intent parameters demonstrates how attackers can exploit weak access controls to bypass authentication and access protected resources directly.

 
 
 
