CWE-927 Detail

CWE-927

Name

Use of Implicit Intent for Sensitive Communication

Status

Incomplete

Published

2013-07-17
00h00 +00:00

Modified

2023-10-26
00h00 +00:00

Official links

CWE Mitre.org

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Notifications manage

List of Notifications

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CWE ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Name: Use of Implicit Intent for Sensitive Communication

The Android application uses an implicit intent for transmitting sensitive data to other applications.

CWE Description

Since an implicit intent does not specify a particular application to receive the data, any application can process the intent by using an Intent Filter for that intent. This can allow untrusted applications to obtain sensitive data. There are two variations on the standard broadcast intent, ordered and sticky.

Ordered broadcast intents are delivered to a series of registered receivers in order of priority as declared by the Receivers. A malicious receiver can give itself a high priority and cause a denial of service by stopping the broadcast from propagating further down the chain. There is also the possibility of malicious data modification, as a receiver may also alter the data within the Intent before passing it on to the next receiver. The downstream components have no way of asserting that the data has not been altered earlier in the chain.

Sticky broadcast intents remain accessible after the initial broadcast. An old sticky intent will be broadcast again to any new receivers that register for it in the future, greatly increasing the chances of information exposure over time. Also, sticky broadcasts cannot be protected by permissions that may apply to other kinds of intents.

In addition, any broadcast intent may include a URI that references data that the receiving component does not normally have the privileges to access. The sender of the intent can include special privileges that grant the receiver read or write access to the specific URI included in the intent. A malicious receiver that intercepts this intent will also gain those privileges and be able to read or write the resource at the specified URI.

General Informations

Modes Of Introduction

Architecture and Design

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Technologies

Class: Mobile (Undetermined)

Common Consequences

Scope	Impact	Likelihood
Confidentiality	Read Application Data Note: Other applications, possibly untrusted, can read the data that is offered through the Intent.
Integrity	Varies by Context Note: The application may handle responses from untrusted applications on the device, which could cause it to perform unexpected or unauthorized actions.

Observed Examples

References	Description
CVE-2022-4903	An Android application does not use FLAG_IMMUTABLE when creating a PendingIntent.

Potential Mitigations

Phases : Implementation
If the application only requires communication with its own components, then the destination is always known, and an explicit intent could be used.

Detection Methods

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness : High

Vulnerability Mapping Notes

Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

References

REF-922

Analyzing Inter-Application Communication in Android
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner.
http://www.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf

REF-923

Security Tips
Android Open Source Project.
https://developer.android.com/training/articles/security-tips#ContentProviders

Submission

Name	Organization	Date	Date release	Version
CWE Content Team	MITRE	2013-07-09 +00:00	2013-07-17 +00:00	2.5

Modifications

Name	Organization	Date	Comment
CWE Content Team	MITRE	2014-02-18 +00:00	updated Demonstrative_Examples, Description, References
CWE Content Team	MITRE	2017-11-08 +00:00	updated References
CWE Content Team	MITRE	2020-02-24 +00:00	updated Applicable_Platforms, Relationships
CWE Content Team	MITRE	2020-06-25 +00:00	updated Demonstrative_Examples
CWE Content Team	MITRE	2021-03-15 +00:00	updated Maintenance_Notes
CWE Content Team	MITRE	2021-10-28 +00:00	updated Relationships
CWE Content Team	MITRE	2023-04-27 +00:00	updated Detection_Factors, References, Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes
CWE Content Team	MITRE	2023-10-26 +00:00	updated Observed_Examples