CAPEC-499: Android Intent Intercept
An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a variety of different objectives including denial of service, information disclosure, and data injection. An implicit intent sent from a trusted application can be received by any application that has declared an appropriate intent filter. If the intent is not protected by a permission that the malicious application lacks, then the attacker can gain access to the data contained within the intent. Further, the intent can be either blocked from reaching the intended destination, or modified and potentially forwarded along.
Last updated
Overview
CAPEC-499 (Android Intent Intercept) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1Explore
[Find an android application that uses implicit intents] Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents. They must also determine what the contents of the intents being sent are such that a malicious application can get sent these intents.
- Step 2Experiment
[Create a malicious app] The adversary must create a malicious android app meant to intercept implicit intents from a target application
- Specify the type of intent wished to be intercepted in the malicious app's manifest file using an intent filter
- Step 3Experiment
[Get user to download malicious app] The adversary must get a user using the targeted app to download the malicious app by any means necessary
- Step 4Exploit
[Intercept Implicit Intents] Once the malicious app is downloaded, the android device will forward any implicit intents from the target application to the malicious application, allowing the adversary to gaina access to the contents of the intent. The adversary can proceed with any attack using the contents of the intent.
- Block the intent from reaching the desired location, causing a denial of service
- Gather sensitive information from the intercepted intent
- Modify the contents of the intent and forward along to another application
What the attacker needs
Prerequisites
- An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application is used to intercept implicit intents.
Consequences
What a successful CAPEC-499 attack can achieve.
Read Data
Affects: Confidentiality
Modify Data
Affects: Integrity
Resource Consumption
Affects: Availability
How to mitigate it
Defenses that reduce the risk of CAPEC-499.
- To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An explicit intent is delivered to a specific application as declared within the intent, whereas the Android operating system determines who receives an implicit intent which could potentially be a malicious application. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly. Implicit intents should never be used for inter-application communication.
Frequently asked questions
Common questions about CAPEC-499.
- What is CAPEC-499?
- An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a variety of different objectives including denial of service, information disclosure, and data injection. An implicit intent sent from a trusted application can be received by any application that has declared an appropriate intent filter. If the intent is not protected by a permission that the malicious application lacks, then the attacker can gain access to the data contained within the intent. Further, the intent can be either blocked from reaching the intended destination, or modified and potentially forwarded along.
- How does a Android Intent Intercept attack work?
- It typically unfolds over 4 phases. It begins with: [Find an android application that uses implicit intents] Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents. They must also determine what the contents of the intents being sent are such that a malicious application can get sent these intents.
- How do you prevent CAPEC-499?
- To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An explicit intent is delivered to a specific application as declared within the intent, whereas the Android operating system determines who receives an implicit intent which could potentially be a malicious application. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly. Implicit intents should never be used for inter-application communication.
- What weaknesses does CAPEC-499 target?
- CAPEC-499 exploits 1 CWE weakness, including CWE-925 (Improper Verification of Intent by Broadcast Receiver).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-499
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.