Proof of concept of CVE-2017-0807# Proof of concept of CVE-2017-0807
This is a demo application with deliberately sloppy interface for the CVE-2017-0807 reported by Efthimios Alepis and Constantinos Patsakis.
The vulnerability illustrates that due to security issues in every Android version up to Nougat, an unprivileged user can overlay almost every Android interface and trick the user into getting his input. In the demo we overlay a screen which makes our app administrator of the device, however, there are numerous other possibilities to exploit this vulnerability. Contrary to other attacks, e.g. cloak and dagger our attack does not request any dangerous or system permission like SYSTEM ALERT WINDOW.
A video which showcases the issue can be found [here](https://www.youtube.com/watch?v=zX4KckkNGdQ).
For more details the interested reader may refer to:
*Alepis, Efthimios, and Constantinos Patsakis. "Trapped by the UI: The Android case." International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, Cham, 2017.* [Link](https://link.springer.com/chapter/10.1007/978-3-319-66332-6_15)
# External links
[NIST](https://nvd.nist.gov/vuln/detail/CVE-2017-0807)
[Pixel / Nexus Security Bulletin—October 2017](https://source.android.com/security/bulletin/pixel/2017-10-01)
This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the [OPERANDO](https://www.operando.eu) project (Grant Agreement no. 653704) and is based upon work from COST Action [CRYPTACUS](https://www.cryptacus.eu), supported by COST (European Cooperation in Science and Technology).
[4.0K] /data/pocs/d568bc1a274ea1f1443f83fdb9198226ffafbef0
├── [4.0K] app
│ ├── [1.3M] app-release.apk
│ ├── [ 915] build.gradle
│ ├── [ 661] proguard-rules.pro
│ └── [4.0K] src
│ ├── [4.0K] androidTest
│ │ └── [4.0K] java
│ │ └── [4.0K] com
│ │ └── [4.0K] raid2017
│ │ └── [4.0K] bogus
│ │ └── [4.0K] a1admin2rulethemall
│ │ └── [ 806] ExampleInstrumentedTest.java
│ ├── [4.0K] main
│ │ ├── [1.5K] AndroidManifest.xml
│ │ ├── [4.0K] java
│ │ │ └── [4.0K] com
│ │ │ └── [4.0K] raid2017
│ │ │ └── [4.0K] bogus
│ │ │ └── [4.0K] a1admin2rulethemall
│ │ │ ├── [ 209] AdminReceiver.java
│ │ │ ├── [1.0K] Main2Activity.java
│ │ │ └── [1.3K] MainActivity.java
│ │ └── [4.0K] res
│ │ ├── [4.0K] drawable
│ │ │ └── [ 14K] ninja.jpg
│ │ ├── [4.0K] layout
│ │ │ ├── [1001] activity_main2.xml
│ │ │ └── [1.1K] activity_main.xml
│ │ ├── [4.0K] mipmap-hdpi
│ │ │ └── [3.3K] ic_launcher.png
│ │ ├── [4.0K] mipmap-mdpi
│ │ │ └── [2.2K] ic_launcher.png
│ │ ├── [4.0K] mipmap-xhdpi
│ │ │ └── [4.7K] ic_launcher.png
│ │ ├── [4.0K] mipmap-xxhdpi
│ │ │ └── [7.5K] ic_launcher.png
│ │ ├── [4.0K] mipmap-xxxhdpi
│ │ │ └── [ 10K] ic_launcher.png
│ │ ├── [4.0K] values
│ │ │ ├── [ 214] colors.xml
│ │ │ ├── [ 216] dimens.xml
│ │ │ ├── [ 84] strings.xml
│ │ │ └── [ 978] styles.xml
│ │ ├── [4.0K] values-w820dp
│ │ │ └── [ 364] dimens.xml
│ │ └── [4.0K] xml
│ │ └── [ 263] device_admin.xml
│ └── [4.0K] test
│ └── [4.0K] java
│ └── [4.0K] com
│ └── [4.0K] raid2017
│ └── [4.0K] bogus
│ └── [4.0K] a1admin2rulethemall
│ └── [ 432] ExampleUnitTest.java
├── [ 521] build.gradle
├── [4.0K] gradle
│ └── [4.0K] wrapper
│ ├── [ 52K] gradle-wrapper.jar
│ └── [ 236] gradle-wrapper.properties
├── [ 747] gradle.properties
├── [4.9K] gradlew
├── [2.3K] gradlew.bat
├── [ 34K] LICENSE
├── [1.6K] README.md
└── [ 16] settings.gradle
33 directories, 32 files