An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a variety of different objectives including denial of service, information disclosure, and data injection. An implicit intent sent from a trusted application can be received by any application that has declared an appropriate intent filter. If the intent is not protected by a permission that the malicious application lacks, then the attacker can gain access to the data contained within the intent. Further, the intent can be either blocked from reaching the intended destination, or modified and potentially forwarded along.
Relationships
This table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
Nature
Type
ID
Name
ChildOf
Meta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.
Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.
Find an android application that uses implicit intents: Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents. They must also determine what the contents of the intents being sent are such that a malicious application can get sent these intents.
Experiment
Create a malicious app: The adversary must create a malicious android app meant to intercept implicit intents from a target application
Techniques
Specify the type of intent wished to be intercepted in the malicious app's manifest file using an intent filter
Get user to download malicious app: The adversary must get a user using the targeted app to download the malicious app by any means necessary
Exploit
Intercept Implicit Intents: Once the malicious app is downloaded, the android device will forward any implicit intents from the target application to the malicious application, allowing the adversary to gaina access to the contents of the intent. The adversary can proceed with any attack using the contents of the intent.
Techniques
Block the intent from reaching the desired location, causing a denial of service
Gather sensitive information from the intercepted intent
Modify the contents of the intent and forward along to another application
Prerequisites
An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application is used to intercept implicit intents.
Consequences
This table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
Scope
Impact
Likelihood
Confidentiality
Read Data
Integrity
Modify Data
Availability
Resource Consumption
Mitigations
To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An explicit intent is delivered to a specific application as declared within the intent, whereas the Android operating system determines who receives an implicit intent which could potentially be a malicious application. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly. Implicit intents should never be used for inter-application communication.
Related Weaknesses
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful. If multiple weaknesses are associated with the attack pattern, then any of the weaknesses (but not necessarily all) may be present for the attack to be successful. Each related weakness is identified by a CWE identifier.
Improper Verification of Intent by Broadcast Receiver
References
[REF-427] Erika Chin, Adrienne Porter Felt, Kate Greenwood
and David Wagner. "Analyzing Inter-Application Communication in Android". 3.1 Unauthorized Intent Receipt. International Conference on Mobile Systems, Applications, and Services (MobiSys). 2011.
<https://people.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf>.
Content History
Submissions
Submission Date
Submitter
Organization
2014-06-23
(Version 2.6)
CAPEC Content Team
The MITRE Corporation
Modifications
Modification Date
Modifier
Organization
2018-07-31
(Version 2.12)
CAPEC Content Team
The MITRE Corporation
Updated References, Related_Weaknesses
2019-09-30
(Version 3.2)
CAPEC Content Team
The MITRE Corporation
Updated Related_Attack_Patterns
2020-07-30
(Version 3.3)
CAPEC Content Team
The MITRE Corporation
Updated Related_Attack_Patterns
2020-12-17
(Version 3.4)
CAPEC Content Team
The MITRE Corporation
Updated @Name, Consequences
2021-10-21
(Version 3.6)
CAPEC Content Team
The MITRE Corporation
Updated Execution_Flow
Previous Entry Names
Change Date
Previous Entry Name
2020-12-17
(Version 3.4)
Intent Intercept
More information is available — Please select a different filter.
Description
This table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
Content History
