SMS_ListMessageRequst() does not list unicode SMSs (remote denial of service exploit) #370

Open
zkemble opened this issue Aug 10, 2019 · 1 comment


@zkemble zkemble commented Aug 10, 2019

1. SDK version

{
v2.129
}


2. In what kind of operation do problems appear, and how to reproduce the problem? (Which steps trigger the problem, does it reproduce reliably, and how can it be reproduced?)

{
SMS_ListMessageRequst(SMS_STATUS_ALL, SMS_STORAGE_SIM_CARD); does not list unicode SMSs (containing things like emojis 📞). This makes it rather difficult to delete the message as you have to guess the index number.
}


@zkemble zkemble commented Aug 10, 2019

I've also found that this issue creates 2 remote denial of service exploits (if the attacker knows the phone number of the device using an A9/A9G):

  1. Since unicode SMSs are not listed, they will probably never be deleted. This means an attacker can send a load of emoji texts to the device and fill up the SIM and flash storage, preventing further SMSs from being stored.
  2. It also seems that when listing unicode SMSs, memory is allocated for them, but then never freed. This means each time SMS_ListMessageRequst() is called, memory will be leaked for each unicode SMS, eventually causing a heap overflow and crashing the A9G. (Tested on SDK v2.112 and v2.129)
@zkemble zkemble changed the title SMS_ListMessageRequst() does not list unicode SMSs SMS_ListMessageRequst() does not list unicode SMSs (remote denial of service exploit) Aug 10, 2019
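
A firmware-side check for the first problem described above, as an added example that is not code from this issue or from the SDK: it reconciles the store's used/total counters against the indices the listing actually returned, reports how many messages are stored but unlisted, and collects the slots to sweep instead of guessing. The names `sms_audit`, `sms_hidden_over` and `MAX_SLOTS` are hypothetical, and it assumes the firmware can obtain the counters and the listed indices and that slots are numbered from 1.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SLOTS 255 /* assumed upper bound on SIM message slots */

typedef struct {
    size_t hidden;                 /* messages stored but never listed */
    size_t n_candidates;           /* number of entries in candidates[] */
    uint8_t candidates[MAX_SLOTS]; /* 1-based slots that may hold one */
} sms_audit_t;

/* used/total: counters reported for the store; listed: 1-based indices the
 * listing returned. Returns false when the inputs contradict each other. */
bool sms_audit(size_t used, size_t total,
               const uint8_t *listed, size_t n_listed, sms_audit_t *out)
{
    bool seen[MAX_SLOTS + 1] = { false };
    size_t unique = 0;

    if (!out || total > MAX_SLOTS || used > total || (n_listed && !listed))
        return false;
    for (size_t i = 0; i < n_listed; i++) {
        uint8_t idx = listed[i];
        if (idx == 0 || idx > total) return false; /* index out of range */
        if (!seen[idx]) { seen[idx] = true; unique++; }
    }
    if (unique > used) return false; /* more listed than stored */

    out->hidden = used - unique;
    out->n_candidates = 0;
    /* Only sweep when something is hidden: every unlisted slot is a candidate. */
    for (size_t idx = 1; out->hidden && idx <= total; idx++)
        if (!seen[idx]) out->candidates[out->n_candidates++] = (uint8_t)idx;
    return true;
}

/* True when hidden messages occupy at least pct percent of the store. */
bool sms_hidden_over(const sms_audit_t *a, size_t total, unsigned pct)
{
    return total != 0 && a->hidden * 100 >= (size_t)pct * total;
}

int main(void)
{
    const uint8_t listed[] = { 1, 3, 4 }; /* constructed sample listing */
    sms_audit_t a;
    if (sms_audit(5, 10, listed, 3, &a))
        printf("hidden=%zu candidates=%zu\n", a.hidden, a.n_candidates);
    return 0;
}
```

Running the audit on a timer rather than calling the listing function repeatedly also limits exposure to the per-call leak described in the second item.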