.png)
1 year ago
80 BOOK THIS SPACE FOR AD
ARTICLE ADBypass the Password and Biometrics Functionalities
A simple story about me
Learned about web application testing online during the COVID-19 period. Did testing on multiple web apps but if I reported any bugs it may informational and duplicates. Then I was curious about android app development so I learned about developing apps. Then I could able to find security issues in android apps. It is like low-hanging fruit — bugs
Analyzing
I used an app for 2FA to get TOTP. Little curious about the applock function so I decompiled the app using JADX-GUI(a tool to decompile the apk) and saw the Androidmanifest.xml file to get the details of the app. [com.demo.app.HandleRedirectionActivity] is exported=true(means any app can call this activity ) so read the code of the activity it doesn’t have anything to read it is just redirection_handler activity. Jumped into app_lock [com.demo.app.PinLock while analyzing the code I get to know it doesn’t validate the activity call.
Exploiting
Then I call the redirection activity directly using ADB. Haa!! app lock activity doesn’t authenticate the redirection_handler activity.
$ adb shell am start -n com.demo.app/.HandleRedirectionActivity
Creating POC
Most of the VDP programs don’t allow to use of the ADB. So I Created an Android Application in Android Studio.
intent intent = new Intent();
intent.setClassName(“com.demo.app”, “com.demo.app.HandleRedirectionActivity”);
startActivity(intent);
Just Create an app to call the redirection_handler activity, when you open the attacker app it bypassed the biometric entry into the TOTP activity
LinkedIn profile: Barath Stalin
Bengali (Bangladesh) · 
English (United States) ·