CVE-2024-0019: Bypassing Privacy Indicator for Active Microphone Recordings in AppOpsControllerImpl.java
Developers concerned with Android platform security should be aware of CVE-2024-0019, a vulnerability that allows a malicious app to hide the microphone privacy indicator during systemUI restarts. The vulnerability exists in the setListening method of the AppOpsControllerImpl.java class. In this post, we explain how the vulnerability occurs, provide an example code snippet, and then describe how it is exploited. Keep in mind that user interaction is needed for exploitation, and no additional execution privileges are required.
Background
The AppOpsControllerImpl class in Android is responsible for handling and monitoring app operations, permission checks, and privacy indicators for various sensors and resources. One important method of this class is setListening, which determines whether the controller listens for the updates it uses to track active recordings.
The Vulnerability (CVE-2024-0019)
The vulnerability lies in the setListening method of the AppOpsControllerImpl.java class, specifically in its handling of active microphone recordings. When systemUI is restarted in Android, the method handling privacy indicators for the microphone should check whether any recordings are already active.
However, due to a missing check in the setListening method, a malicious app can hide the privacy indicator for an active microphone recording, effectively allowing it to perform local denial of service.
Code Snippet
The affected code snippet that demonstrates the vulnerability in AppOpsControllerImpl.java is as follows:
    public void setListening(boolean shouldListen) {
        if (shouldListen) {
            // Callbacks are registered here, but recordings that are already
            // active at this point are never checked.
            mAppOps.startWatchingActive(mWatchedOps, mActiveCallback);
            mAppOps.startWatchingMode(AppOpsManager.OP_FLAGS_WATCH_CHANGE_REASON_ALL, null,
                    mModeCallback);
        } else {
            mAppOps.stopWatchingActive(mActiveCallback);
            mAppOps.stopWatchingMode(mModeCallback);
        }
    }
In the code above, nothing validates whether recordings are already active when listening starts again after a systemUI restart.
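The following is an added example, not code from this post or from AOSP: a self-contained Java model of why a change-only callback misses a recording that started before the restart, and how seeding state when listening begins closes the gap. FakeAppOps, IndicatorController, currentlyActive, dropWatcher and the package name are hypothetical names constructed for illustration.

```java
import java.util.*;
import java.util.function.BiConsumer;

// Constructed model, not AOSP code: FakeAppOps stands in for the platform
// service, IndicatorController for the SystemUI-side controller.
public class IndicatorRestartDemo {
    static class FakeAppOps {
        private final Set<String> active = new HashSet<>();  // packages recording now
        private BiConsumer<String, Boolean> watcher;         // notified of changes only
        void startWatchingActive(BiConsumer<String, Boolean> w) { watcher = w; }
        Set<String> currentlyActive() { return new HashSet<>(active); }
        void dropWatcher() { watcher = null; }               // listener process went away
        void setActive(String pkg, boolean on) {
            if (on) active.add(pkg); else active.remove(pkg);
            if (watcher != null) watcher.accept(pkg, on);
        }
    }

    static class IndicatorController {
        final Set<String> shown = new HashSet<>();           // packages with a visible indicator
        private final FakeAppOps ops;
        private final boolean checkActiveOnStart;
        IndicatorController(FakeAppOps ops, boolean checkActiveOnStart) {
            this.ops = ops;
            this.checkActiveOnStart = checkActiveOnStart;
        }
        void setListening(boolean shouldListen) {
            if (!shouldListen) { ops.dropWatcher(); return; }
            // The check the post says is missing: pick up recordings already running.
            if (checkActiveOnStart) shown.addAll(ops.currentlyActive());
            ops.startWatchingActive((pkg, on) -> { if (on) shown.add(pkg); else shown.remove(pkg); });
        }
    }

    // True if the indicator is visible after a restart that happens mid-recording.
    static boolean indicatorAfterRestart(boolean checkActiveOnStart) {
        FakeAppOps ops = new FakeAppOps();
        new IndicatorController(ops, false).setListening(true);
        ops.setActive("com.example.recorder", true);         // constructed package name
        ops.dropWatcher();                                   // systemUI restarts
        IndicatorController fresh = new IndicatorController(ops, checkActiveOnStart);
        fresh.setListening(true);
        return fresh.shown.contains("com.example.recorder");
    }

    public static void main(String[] args) {
        System.out.println("without check: " + indicatorAfterRestart(false));
        System.out.println("with check:    " + indicatorAfterRestart(true));
    }
}
```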
Exploit Details
To exploit this vulnerability, the attacker must first create an app that initiates microphone recording without displaying the privacy indicator. The user then has to interact with the attacker's app to trigger a systemUI restart. This restarted systemUI will not display the privacy indicator, making it seem like there is no active recording taking place and leading to a denial of service.
The following resources provide more details on the CVE-2024-0019 vulnerability:
1. Android Open Source Project
2. Android Security Bulletin
3. CVE Details
Conclusion
CVE-2024-0019 is a noteworthy vulnerability in the Android platform that allows a malicious app to hide the privacy indicator for active microphone recordings. It is essential for developers to be aware of this vulnerability and secure their applications accordingly.
Please ensure that you update your Android platform to the latest security patches and follow best practices while developing applications to minimize the risks associated with this vulnerability.
Timeline
Published on: 02/16/2024 20:15:47 UTC
Last modified on: 02/16/2024 21:39:50 UTC