CWE-925: Improper Verification of Intent by Broadcast Receiver

Learn about CWE-925 (Improper Verification of Intent by Broadcast Receiver), its security impact, exploitation methods, and prevention guidelines.

What is Improper Verification of Intent by Broadcast Receiver?

• Overview: This vulnerability occurs when an Android application uses a Broadcast Receiver to receive Intents without properly verifying that they originate from an authorized source, which can lead to unauthorized access or unintended behavior.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by sending explicit Intents to the Broadcast Receiver.
  • Common attack patterns include crafting explicit Intents that mimic system-generated implicit Intents to trick the application into performing unintended actions.

• Security Impact:

  • Direct consequences include unauthorized actions being performed by the application.
  • Potential cascading effects involve exposure of sensitive data or alteration of application state.
  • Business impact may include reputational damage, data breaches, or loss of user trust.

• Prevention Guidelines:

  • Specific code-level fixes include checking the origin of the Intent and verifying permissions before processing.
  • Security best practices involve using Intent filters carefully and validating the sender of the Intent.
  • Recommended tools and frameworks include Android's security features like permission checks and using LocalBroadcastManager for internal broadcasts.

Corgea can automatically detect and fix Improper Verification of Intent by Broadcast Receiver in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: Mobile

Vulnerable Code Example

Android Java Example

// VulnerableBroadcastReceiver.java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

public class VulnerableBroadcastReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        // Vulnerable code: The broadcast receiver does not verify the source of the intent
        String action = intent.getAction(); // The action from the intent is obtained
        if ("com.example.ACTION".equals(action)) {
            Log.d("VulnerableReceiver", "Received action: " + action); // Logs the action received
            // Process the intent data without verification
            String data = intent.getStringExtra("data"); // Data is extracted without verifying intent source
            Log.d("VulnerableReceiver", "Received data: " + data);
        }
    }
}

Explanation

In the above vulnerable code, the broadcast receiver processes an intent without verifying the sender's authenticity. This can allow any app to send a broadcast with the specified action, potentially leading to unauthorized data processing or malicious actions.

How to fix Improper Verification of Intent by Broadcast Receiver?

To fix this vulnerability, it is crucial to verify the source of the intent. This can be achieved by using permissions to restrict which apps can send broadcasts to your receiver or by checking the package name of the sender. A combination of custom permissions and signature-level permissions is recommended. For sensitive data, consider using LocalBroadcastManager to limit broadcast exposure to other apps.

Fixed Code Example

// SecureBroadcastReceiver.java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.util.Log;

public class SecureBroadcastReceiver extends BroadcastReceiver {
    // Register this receiver behind a signature-level permission (android:permission on the
    // <receiver> element, or the broadcastPermission argument of registerReceiver) so that the
    // system refuses broadcasts from apps that do not hold it before onReceive ever runs.
    private static final String TRUSTED_PACKAGE = "com.trusted.app";

    @Override
    public void onReceive(Context context, Intent intent) {
        // Fixed code: verify the sender's identity using the system-reported sender package
        String action = intent.getAction();
        if ("com.example.ACTION".equals(action)) {
            // Intent.getPackage() is the target package chosen by the sender, not the sender
            // itself, so it cannot be used for this check. getSentFromPackage() (Android 14+)
            // is filled in by the system and is non-null only when the sender opted in with
            // BroadcastOptions.setShareIdentityEnabled(true).
            String senderPackage = null;
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
                senderPackage = getSentFromPackage();
            }
            if (TRUSTED_PACKAGE.equals(senderPackage)) {
                Log.d("SecureReceiver", "Received action from trusted source: " + action);
                // Process the intent data securely
                String data = intent.getStringExtra("data");
                Log.d("SecureReceiver", "Received data: " + data);
            } else {
                Log.w("SecureReceiver", "Untrusted or unidentified sender; broadcast ignored");
            }
        }
    }
}

Explanation

In the fixed code example, the broadcast receiver now checks the package name of the sender before processing the intent. It only processes broadcasts from a trusted package ("com.trusted.app"). This prevents unauthorized apps from sending potentially harmful broadcasts to your receiver. Such verification is essential when dealing with sensitive actions or data to enhance security.
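The custom permission, signature check and explicit-intent delivery recommended in the fix section above, worked through as an added example. This is not code from the original article or from Corgea; it assumes a signature-level permission named `com.example.permission.TRUSTED_BROADCAST` declared in the manifest, a receiving app package `com.example.receiverapp`, a constructed placeholder for the trusted signing-certificate digest, and the Android 14 sender-identity APIs (`BroadcastOptions.setShareIdentityEnabled`, `BroadcastReceiver.getSentFromUid`). It goes beyond the package-name comparison in the fixed example by pinning the sender's signing certificate via `PackageManager.hasSigningCertificate`.

```java
// TrustedBroadcastSetup.java (added example; not from the original article)
// Assumes the manifest declares a signature-level permission:
//   <permission android:name="com.example.permission.TRUSTED_BROADCAST"
//               android:protectionLevel="signature" />
// and that the sending app declares <uses-permission> for it. Package names and
// the certificate digest below are constructed placeholders.
import android.app.BroadcastOptions;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageManager;
import android.os.Build;
import android.os.Bundle;
import android.os.Process;
import android.util.Log;

public final class TrustedBroadcastSetup {
    private static final String TAG = "TrustedBroadcast";
    static final String ACTION = "com.example.ACTION";
    static final String PERMISSION = "com.example.permission.TRUSTED_BROADCAST";
    static final String RECEIVER_APP = "com.example.receiverapp";   // placeholder
    // Placeholder: hex SHA-256 of the trusted sender's signing certificate.
    static final String TRUSTED_CERT_SHA256 =
            "0000000000000000000000000000000000000000000000000000000000000000";

    /** Receiver reachable only by PERMISSION holders; re-checks the sender on Android 14+. */
    public static final class TrustedReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            if (!ACTION.equals(intent.getAction())) {
                return;
            }
            // Layer 1 was enforced by the system before delivery: the sender holds PERMISSION,
            // which a signature-level permission grants only to apps signed with our key.
            // Layer 2 (Android 14+): take the system-vetted sender uid and check that uid's
            // signing certificate. Intent.getPackage() is never consulted, because the
            // sender controls that field.
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
                int uid = getSentFromUid();   // INVALID_UID unless the sender shared identity
                if (uid == Process.INVALID_UID || !uidSignedWithTrustedCert(context, uid)) {
                    Log.w(TAG, "Rejecting " + ACTION + " from uid " + uid);
                    return;
                }
            }
            String data = intent.getStringExtra("data");
            Log.d(TAG, "Processing data from trusted sender: " + data);
        }
    }

    /** Registers the receiver so that only broadcasters holding PERMISSION can reach it. */
    public static BroadcastReceiver register(Context context) {
        BroadcastReceiver receiver = new TrustedReceiver();
        IntentFilter filter = new IntentFilter(ACTION);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // API 33+ requires an export flag. Use RECEIVER_NOT_EXPORTED instead for
            // broadcasts that never leave this app; that replaces the now-deprecated
            // LocalBroadcastManager.
            context.registerReceiver(receiver, filter, PERMISSION, null,
                    Context.RECEIVER_EXPORTED);
        } else {
            context.registerReceiver(receiver, filter, PERMISSION, null);
        }
        return receiver;
    }

    /** Sender side: explicit target, receivers must hold PERMISSION, identity is shared. */
    public static void sendTrusted(Context context, String payload) {
        Intent intent = new Intent(ACTION)
                .setPackage(RECEIVER_APP)   // explicit intent; manifest receivers need this on API 26+
                .putExtra("data", payload);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            Bundle options = BroadcastOptions.makeBasic()
                    .setShareIdentityEnabled(true)   // lets the receiver call getSentFromUid()
                    .toBundle();
            context.sendBroadcast(intent, PERMISSION, options);
        } else {
            context.sendBroadcast(intent, PERMISSION);
        }
    }

    /** True if the app(s) running under uid are signed with the pinned certificate (API 28+). */
    static boolean uidSignedWithTrustedCert(Context context, int uid) {
        PackageManager pm = context.getPackageManager();
        return pm.hasSigningCertificate(uid, hexToBytes(TRUSTED_CERT_SHA256),
                PackageManager.CERT_INPUT_SHA256);
    }

    static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }
}
```

The same two controls apply to a manifest-declared receiver: set `android:permission="com.example.permission.TRUSTED_BROADCAST"` on the `<receiver>` element, and set `android:exported="false"` when the receiver is only meant for broadcasts from the app itself. The permission is the control that works on every Android version; the uid and certificate check only adds assurance on Android 14 and later, and only when the sender opts in to sharing its identity, so a receiver must not treat a missing uid as trusted.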


Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-925: Improper Verification of Intent by Broadcast Receiver and get remediation guidance

Start for free and no credit card needed.