Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
LINE CVE-2018-13446 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line
> application 8.8.1 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a
> certain method's return value to true. In other words, an attacker
> could authenticate with an arbitrary passcode. NOTE: the vendor
> indicates that this is not an attack of interest within the context
> of their threat model, which excludes Android devices on which
> rooting has occurred.
>
> ------------------------------------------
>
> [Additional Information]
> Exploitation Narrative for bypass local authentication on Passcode
>
> 1. De-compiling process was used to determine application logic
> through source code. Even the application was minified (Seems to be
> using Proguard), We still can analyse the logic of Passcode
> authentication on the "b" method and found that the return type is
> Boolean type.
>
> 2. Frida script was created to hook into "b" method in order to force the return value to be "true".
>
> Recommendation
> * Consider code obfuscation not only using Proguard due to it is just minify not obfuscating
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> OWASP Mobile Top 10 2016:M4-Insecure Authentication, CWE-287 - Improper Authentication
>
> ------------------------------------------
>
> [Vendor of Product]
> LINE Corporation
>
> ------------------------------------------
>
> [Affected Product Code Base]
> jp.naver.line (Android: Google Play Store) - 8.8.1
>
> ------------------------------------------
>
> [Affected Component]
> Passcode authentication
>
> ------------------------------------------
>
> [Attack Type]
> Context-dependent
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [CVE Impact Other]
> Authentication Bypass
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker who is able to access on rooted Android
> device, could perform runtime manipulation on Passcode authentication
> which allow attacker to force the return value to be "true". A
> malicious application which may evade Google Play Store detection,
> could attack the LINE application on rooted device by hooking into
> Passcode verification mechanism in order to bypass authentication
> process.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Boonpoj Thongakaraniroj, Prathan Phongthiproek
>
> ------------------------------------------
>
> [Reference]
> https://play.google.com/store/apps/details?id=jp.naver.line.android&hl=en_US
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.