Simple Exploit for Verification of CVE-2015-6606

This is a simple exploit to verify a code injection vulnerability that exists in the SEEK smartcard service versions 3.1.0 and below (CVE-2015-6606, Google internal bug# ANDROID-22301786). The vulnerability allows specially crafted Android application packages to inject arbitrary code into the execution context of the smartcard system service. This code inherits all permissions granted to this system service, which include signature-or-system permissions that are not normally granted to third party apps.

Further details can be found in our report Executing Arbitrary Code in the Context of the Smartcard System Service (see literature section below).

DISCLAIMER

You are using this application at your own risk. We are not responsible for any damage caused by this application, incorrect usage or inaccuracies in this manual.

LITERATURE

• CVE-2015-6606
• Google: Nexus Security Bulletin - October 2015
• M. Roland: "Executing Arbitrary Code in the Context of the Smartcard System Service," arXiv:1601.05833 [cs.CR], Computing Research Repository (CoRR), arXiv.org/corr, University of Applied Sciences Upper Austria, JR-Center u'smile, January 2016.
• M. Roland and M. Hölzl: "Open Mobile API: Accessing the UICC on Android Devices," arXiv:1601.03027 [cs.CR], Computing Research Repository (CoRR), arXiv.org/corr, University of Applied Sciences Upper Austria, JR-Center u'smile, January 2016.

License: GNU General Public License v3.0