Commit
Showing 1 changed file with 14 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
|
||
#OASAM-UIR: Unauthorized Intent Receipt | ||
|
||
This category covers all the vulnerabilities related with the resolution of implicit Intent delivery. When an application sends an implicit Intent, there is no guarantee that a malicious application will not gather such Intent, since a malicious application could register a Intent Filter capable to pass the resolution (action, data and category), unless such Intent has a set of required permissions that the malicious user does not have. If a malicious application is able to intercept implicit Intents, it could have access to the execution of dataflow, being able to perform denial-of-service attacks or phishing. This category considers how this type of vulnerability can be exposed on particular components: Broadcast, Activities y Services. | ||
|
||
The following controls are applied in this category: | ||
|
||
**OASAM-UIR-001: Broadcast Theft.** Intent interception on Broadcast components. | ||
|
||
**OASAM-UIR-002: Activity Hijacking.** Intent interception on Activity components. | ||
|
||
**OASAM-UIR-003: Service Hijacking.** Intent interception on Service components. | ||
|
||
**OASAM-UIR-004:Weakness Special Intents.** Pending Intent interception. |
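Review bot: The heading `#OASAM-UIR: Unauthorized Intent Receipt` has no space after `#`, so CommonMark/GFM renderers will show it as literal text rather than a heading; write `# OASAM-UIR: Unauthorized Intent Receipt`. In the introductory paragraph, "Activities y Services" carries a leftover Spanish "y" (should be "and"), "a Intent Filter capable to pass the resolution" should read "an Intent Filter capable of passing the resolution", and "the malicious user does not have" switches subject from the "malicious application" used everywhere else in the paragraph. The last control, `**OASAM-UIR-004:Weakness Special Intents.**`, is missing the space after the colon that the other three entries have, and its title does not say what its description does ("Pending Intent interception"); a title that names Pending Intents would match the pattern of 001 to 003. The paragraph also presents required permissions as the only thing that stops interception; since the category is defined around implicit Intent resolution, consider saying in the same sentence that an explicitly addressed Intent does not go through that resolution, so readers see both mitigations.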