CWE-927: Use of Implicit Intent for Sensitive Communication
Learn about CWE-927 (Use of Implicit Intent for Sensitive Communication), its security impact, exploitation methods, and prevention guidelines.
What is Use of Implicit Intent for Sensitive Communication?
• Overview: Use of Implicit Intent for Sensitive Communication (CWE-927) occurs when an Android application uses an implicit intent to send sensitive data, which can be intercepted by any application with the right intent filter.
• Exploitation Methods:
- Attackers can exploit this vulnerability by registering an intent filter to intercept implicit intents.
- Common attack patterns include prioritizing malicious receivers to block or alter data, and using sticky intents to access sensitive information over time.
• Security Impact:
- Direct consequences include unauthorized access to sensitive data and denial of service.
- Potential cascading effects include data tampering and privilege escalation.
- Business impact could be severe, ranging from data breaches to loss of customer trust and legal repercussions.
• Prevention Guidelines:
- Use explicit intents for sensitive communications to ensure only intended receivers can access the data.
- Validate and sanitize all data being transmitted via intents to prevent unauthorized access or alteration.
- Employ permissions and signature-based permissions to restrict access to sensitive intents.
- Consider using secure frameworks and libraries that manage intent communication safely.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Mobile
Vulnerable Code Example
// This code demonstrates the use of an implicit intent for sending sensitive data,
// which can be intercepted by any app that can handle the intent type.
Intent intent = new Intent(Intent.ACTION_SEND);
intent.setType("text/plain"); // This implicitly allows any app to handle the intent
intent.putExtra(Intent.EXTRA_EMAIL, new String[]{"sensitive@example.com"});
intent.putExtra(Intent.EXTRA_SUBJECT, "Sensitive Data");
intent.putExtra(Intent.EXTRA_TEXT, "This is sensitive information.");
startActivity(intent); // Any app that can handle ACTION_SEND can intercept this data
Explanation
In the vulnerable code example above, an implicit intent is used to send sensitive information such as an email address and message content. Because the intent is implicit, any application on the device that can handle ACTION_SEND intents can potentially intercept this data, posing a security risk.
How to fix Use of Implicit Intent for Sensitive Communication?
To fix this vulnerability, use explicit intents when transmitting sensitive data. An explicit intent specifies the exact component to handle the intent, thus reducing the risk of data interception by malicious apps. This is achieved by setting the component name directly in the intent. Additionally, ensure you verify that the receiving component is trusted to handle sensitive data securely.
Fixed Code Example
// This code demonstrates the use of an explicit intent for sending sensitive data,
// ensuring that only the specified component can handle the intent.
Intent intent = new Intent();
intent.setComponent(new ComponentName("com.example.emailapp", "com.example.emailapp.EmailActivity")); // Specify the exact component
intent.setAction(Intent.ACTION_SEND);
intent.setType("text/plain");
intent.putExtra(Intent.EXTRA_EMAIL, new String[]{"sensitive@example.com"});
intent.putExtra(Intent.EXTRA_SUBJECT, "Sensitive Data");
intent.putExtra(Intent.EXTRA_TEXT, "This is sensitive information.");
startActivity(intent); // Only the specified app can handle this intent
Explanation
In the fixed code example, an explicit intent is used by specifying the exact component that should handle the intent via setComponent(). This ensures that only the specified application, identified by its package and class name, can receive the sensitive data. Always confirm that the target application is trustworthy before sharing any sensitive information.