Samsung Galaxy S3/S4 SMS Spoofing

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044735 漏洞类型
发布时间 2013-07-17 更新时间 2013-07-17
CVE编号 CVE-2013-4763
漏洞平台 N/A CVSS评分 N/A
I would like to inform you that the details of the vulnerability in
built-in system app of Samsung Galaxy S3/S4 (assigned as CVE-2013-4763
and CVE-2013-4764) are now disclosed to public.

In Samsung Galaxy S3/S4, a pre-loaded app, i.e.,
sCloudBackupProvider.apk, is used to provide backup functionality for
the users, and it unintentially exposes several unprotected
components. By exploiting these unprotected components, an
unprivileged app can trigger a so-called restore operation to write
SMS messages back to the standard SMS database file (mmssms.db) used
by the system messaging app, i.e., SecMms.apk. As a result, a smishing
attack can effectively create and inject arbitrary (fake) SMS text
messages. Similarly, fake MMS messages and call logs are also
possible. This vulnerability has been disclosed in CVE-2013-4763.

Also, these components can be sequentially triggered in a specific
order to create arbitrary SMS content, inject to system-wide SMS
database, and then trigger the built-in SMS-sending behavior (to
arbitrary destination). This vulnerability has been disclosed in

QIHU Inc. discovered these vulnerability and informed Samsung Corp. in
June 10, 2013. Samsung confirmed the vulerability and is now preparing
an OTA update. As a temporary workaround, disable the
sCloudBackupProvider.apk app would help block known attack vectors.

Details of CVE-2013-4763 and CVE-2013-4764 can be also found in QIHU
Inc.'s official site:

Z.X. from QIHU Inc.