Android Task Hijacking

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Try Hard Security Group

Join the Try Hard Security Discord Server!Discord

Task, Back Stack and Foreground Activities

Katika Android, task kimsingi ni seti ya shughuli ambazo watumiaji wanashirikiana nazo ili kukamilisha kazi maalum, zimepangwa ndani ya back stack. Stack hii inaweka shughuli kulingana na wakati zilifunguliwa, huku shughuli ya hivi karibuni ikionyeshwa juu kama foreground activity. Katika wakati wowote, shughuli hii pekee ndiyo inaonekana kwenye skrini, na kuifanya kuwa sehemu ya foreground task.

Hapa kuna muhtasari wa harakati za shughuli:

Activity 1 inaanza kama shughuli pekee katika foreground.
Kuanzisha Activity 2 kunasukuma Activity 1 kwenye back stack, na kuleta Activity 2 kwenye foreground.
Kuanzisha Activity 3 kunahamisha Activity 1 na Activity 2 nyuma zaidi kwenye stack, huku Activity 3 ikiwa mbele.
Kufunga Activity 3 kunarudisha Activity 2 kwenye foreground, ikionyesha mfumo wa urambazaji wa kazi wa Android.

Task affinity attack

Overview of Task Affinity and Launch Modes

Katika programu za Android, task affinity inaelezea kazi inayopendelea shughuli, ikilingana kawaida na jina la pakiti ya programu. Mpangilio huu ni muhimu katika kuunda programu ya mfano (PoC) ya kuonyesha shambulio.

Launch Modes

Attribute ya launchMode inaelekeza usimamizi wa mifano ya shughuli ndani ya kazi. Modo ya singleTask ni muhimu kwa shambulio hili, ikielekeza hali tatu kulingana na mifano ya shughuli zilizopo na mechi za task affinity. Uhalifu huu unategemea uwezo wa programu ya mshambuliaji kuiga task affinity ya programu lengwa, ikipotosha mfumo wa Android kuanzisha programu ya mshambuliaji badala ya lengwa iliyokusudiwa.

Detailed Attack Steps

Malicious App Installation: Mwathirika anaweka programu ya mshambuliaji kwenye kifaa chao.
Initial Activation: Mwathirika kwanza anafungua programu ya uhalifu, akitayarisha kifaa kwa shambulio.
Target App Launch Attempt: Mwathirika anajaribu kufungua programu lengwa.
Hijack Execution: Kutokana na mechi ya task affinity, programu ya uhalifu inazinduliwa badala ya programu lengwa.
Deception: Programu ya uhalifu inaonyesha skrini ya kuingia bandia inayofanana na programu lengwa, ikimdanganya mtumiaji kuingiza taarifa nyeti.

Kwa utekelezaji wa vitendo wa shambulio hili, rejelea hifadhi ya Task Hijacking Strandhogg kwenye GitHub: Task Hijacking Strandhogg.

Prevention Measures

Ili kuzuia mashambulizi kama haya, waendelezaji wanaweza kuweka taskAffinity kuwa string tupu na kuchagua modo ya singleInstance, kuhakikisha kutengwa kwa programu yao kutoka kwa nyingine. Kubadilisha kazi ya onBackPressed() kunatoa ulinzi wa ziada dhidi ya task hijacking.

References

Try Hard Security Group

Join the Try Hard Security Discord Server!Discord

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAndroid Applications Basics NextADB Commands

Last updated 7 days ago