The 圜allBack.o method calls the .f method Method h performing a call to the method o in the same classįinally, in the 圜allBack.o method there is a call to the .f method, shown on Line 2: Figure 4. The method h, partially depicted below, from the previous call performs a call to the method o in the same class, as shown on Line 16: Figure 3. The 圜allBackis aninterfaceimplemented by the 圜allBack. The .BaseActivity class performing a call to the iBaseActivit圜allBack.h method in the onResume callback Upon opening the application, the launcher activity _ extends the .BaseActivity class, which performs a call to the iBaseActivit圜allBack.h method in the onResume callback, depicted below on Line 11: Figure 2.
ANDROID CLIPBOARD MANAGER EXAMPLE CODE
An example of a call chain through the SHEIN app resulting in clipboard access Identifying the code We then performed a dynamic analysis by running the app in an instrumented environment to observe the code, including how it read the clipboard and sent its contents to a remote server. We first performed a static analysis of the app to identify the relevant code responsible for the behavior. The following analysis details how we identified and verified the presence of the SHEIN app’s clipboard behavior, analyzing SHEIN app version 7.9.2 (SHA-256: ff07dc6e237acd19cb33e35c60cb2ae52c460aac76bc27116d8de76abec66c51). We also share this research with the larger security community to emphasize the importance of collaboration in the effort to improve security for all.
ANDROID CLIPBOARD MANAGER EXAMPLE ANDROID
In this blog, we detail how we identified the SHEIN app’s clipboard behavior and how Android users can protect themselves against clipboard-based attacks. We would also like to thank the Google team for the improvements implemented to the Android platform to protect users from the risks associated with anomalous clipboard access. We would like to thank Google’s Android Security Team as well as the SHEIN team for their efforts and collaboration in addressing this issue. In May 2022, Google informed us and we confirmed that SHEIN removed the behavior from the application. We reported our findings to Google, the Play Store operator, leading to an investigation by their Android Security Team.
Even if SHEIN’s clipboard behavior involved no malicious intent, this example case highlights the risks that installed applications can pose, including those that are highly popular and obtained from the platform’s official app store. SHEIN’s Android application is published on the Google Play Store with over 100 million downloads. While we are not specifically aware of any malicious intent behind the behavior, we assessed that this behavior was not necessary for users to perform their tasks on the app. Microsoft discovered that an old version of the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server. Moreover, these types of attacks misuse a legitimate system feature rather than exploit a vulnerability, making the issue more challenging to mitigate. Examples even exist of attackers hijacking and replacing the clipboard contents for malicious purposes, such as modifying a copied cryptocurrency wallet address before the user pastes it into a crypto wallet app or chat message.
Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data.
0 kommentar(er)
