SIK-2016-018


Title:

Local DOS McAfee App

Report ID

SIK-2016-018

Summary:

  • Vendor: McAfee (Intel Security)
  • Product: Security & Power Booster -free (https://play.google.com/store/apps/details?id=com.wsandroid.suite)
  • Affected Version: 4.5.0.601, Platform Build version 5.0.1-1624448
  • Severity: low
  • Short summary:
    An intent sent from any arbitrary application on the device can stop/kill the security app.

Details:

The application contains a Baidu plugin which does not properly handle received intents containing Null values. Android OS before Lollipop (Version < 5) have no Null intent value filtering, so if an application sends a Broadcast Intent with an empty value, the BroadcastReceiver of the McAfee application cannot
handle this and crashes.

Example Intent generated by drozer1 tool:

run app.broadcast.send --action com.baidu.android.pushservice.action.RECEIVE --component com.wsandroid.suite com.mcafee.messaging.baidu.BaiduMessageReceiver

App crashes because of a NullPointerException completely. Intent has to be sent 3 times to ensure that the app will not restart again.
Responsible Code (Code where crash happens):
Class com.baidu.frontia.api.FrontiaPushMessageReceiver

public final void onReceive(Context context, Intent intent) {
 int i = 0;
 [...]
 } else if
(intent.getAction().equals("com.baidu.android.pushservice.action.RECEIVE") ||
intent.getAction().equals(b)) {
 String stringExtra = intent.getStringExtra("method"); <==== PROBLEM IF NO
EXTRA IS SET
 int intExtra = intent.getIntExtra("error_msg", 0);
 Object obj = "";
 if (intent.getByteArrayExtra("content") != null) {
 obj = new String(intent.getByteArrayExtra("content"));
 }

A malicious application can abuse this to crash/deactivate the McAfee application and bypass the protection on the smartphone.

Workaround

Suggested Mitigation

Please fix it

Timeline