CWE-925: Improper Verification of Intent by Broadcast Receiver

Description

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

Extended Description

Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.

ThreatScore

Threat Mapped score: 1.8

Industry: Finiancial

Threat priority: P4 - Informational (Low)

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

CAPEC-499

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Architecture and Design	N/A

Common Consequences

Impact: Gain Privileges or Assume Identity — Notes: Another application can impersonate the operating system and cause the software to perform an unintended action.

Potential Mitigations

Architecture and Design: Before acting on the Intent, check the Intent Action to make sure it matches the expected System action. (N/A)

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

Intro: The following example demonstrates the weakness.

Body: The ShutdownReceiver class will handle the intent:

<manifest package="com.example.vulnerableApplication"> <application> ... <receiver android:name=".ShutdownReceiver"> <intent-filter> <action android:name="android.intent.action.ACTION_SHUTDOWN" /> </intent-filter> </receiver> ... </application> </manifest>

Notes

Maintenance: This entry will be made more comprehensive in later CWE versions.

← Back to CWE list