CyanogenMod and Other ROMs Allegedly Vulnerable to MITM Attacks

According to an anonymous security researcher and The Register, over 10 million Android users running CyanogenMod and CM-derived ROMs are potentially exposed to a specific man-in-the-middle (MITM) attack. The CyanogenMod team has stated that The Register's claims are invalid and asserted that CyanogenMod 11 is well protected.

The alleged vulnerability was discovered by an anonymous researcher who works for one of the top Android vendors. According to the researcher, CyanogenMod developers and other ROM teams had reused Oracle's sample code for Java 1.5, whose SSL hostname verification is invalid: it does not reliably check that the host the browser connected to is the name the server's certificate was actually issued for. An attacker who can intercept the connection could then present a crafted certificate to the browser and, the researcher claims, execute code and steal sensitive data such as credit card numbers.

The flaw was first identified back in 2012 and has been discussed at many security conferences. According to the researcher, the code unfortunately has not been fixed since then, and he provided a proof-of-concept description of how the flaw can be exploited:

“If you go and create an SSL certificate for a domain you own, say, and in an element of the certificate signing request such as the ‘organisation name’ field you put the ‘value,cn=*domain name*’, it will be accepted as the valid domain name for the certificate,” he said.
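The proof of concept above works because a verifier that merely searches the certificate subject string for the text "cn=" will pick up that text from inside another attribute's value (here the Organisation field) instead of from the real CN. The following Python block is an added illustration of that logic, written for this page; it is not code from CyanogenMod, Oracle, or the researcher. The subject strings, function names and the RFC 4514 rendering of the subject (commas inside a value escaped as "\,") are constructed assumptions; the real verifier in question is Java, but the parsing mistake is language-independent.

```python
"""Hostname verification: naive "cn=" substring search versus RDN-aware parsing.

Added example for this page, not CyanogenMod or Oracle code. Shows why the
crafted Organisation value from the proof of concept fools a substring-based
verifier while a parser that respects RDN boundaries is not fooled.
"""

# Constructed subject DNs in RFC 4514 string form (assumption: this is how the
# certificate library renders the subject; a comma inside a value is escaped as
# "\,"). CRAFTED_SUBJECT follows the proof of concept: the attacker owns
# attacker.example and smuggles a fake "cn=" into the Organisation field.
CRAFTED_SUBJECT = r"O=value\,cn=*.victim.example,CN=attacker.example"
HONEST_SUBJECT = "O=Example Corp,CN=www.victim.example"


def naive_common_name(subject):
    """Vulnerable extraction in the style of the old sample code: find "cn="
    anywhere in the subject string (case-insensitively) and take everything up
    to the next comma. Ignores RDN boundaries and backslash escapes."""
    idx = subject.lower().find("cn=")
    if idx < 0:
        return None
    start = idx + len("cn=")
    end = subject.find(",", start)
    return subject[start:] if end < 0 else subject[start:end]


def split_rdns(subject):
    """Split an RFC 4514 DN string into RDN strings on unescaped commas,
    removing the backslash escapes. (Multi-valued RDNs joined with '+' are
    not handled; this is a simplified parser for illustration.)"""
    rdns, current, i = [], [], 0
    while i < len(subject):
        char = subject[i]
        if char == "\\" and i + 1 < len(subject):
            current.append(subject[i + 1])  # escaped character: keep it literally
            i += 2
            continue
        if char == ",":
            rdns.append("".join(current))
            current = []
            i += 1
            continue
        current.append(char)
        i += 1
    rdns.append("".join(current))
    return rdns


def rdn_common_name(subject):
    """Structure-aware extraction: only an RDN whose attribute *type* is CN
    counts, so "cn=" text inside another attribute's value is never the CN."""
    for rdn in split_rdns(subject):
        attr_type, sep, value = rdn.partition("=")
        if sep and attr_type.strip().upper() == "CN":
            return value.strip()
    return None


def hostname_matches(pattern, host):
    """RFC 6125-style comparison: case-insensitive, and a leading "*." stands
    in for exactly one label (so *.victim.example matches www.victim.example
    but not victim.example or a.b.victim.example). Public-suffix checks are
    omitted for brevity."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def verify_hostname(subject, host, extract_cn):
    """Accept the certificate for `host` if the CN chosen by `extract_cn`
    matches it. `extract_cn` is either the naive or the RDN-aware extractor."""
    common_name = extract_cn(subject)
    return common_name is not None and hostname_matches(common_name, host)


if __name__ == "__main__":
    host = "www.victim.example"
    for label, extractor in (("naive", naive_common_name), ("rdn-aware", rdn_common_name)):
        accepted = verify_hostname(CRAFTED_SUBJECT, host, extractor)
        print(f"{label:9s} CN={extractor(CRAFTED_SUBJECT)!r}: "
              f"crafted cert accepted for {host}? {accepted}")
```

Run stand-alone, the naive extractor returns `*.victim.example` for the crafted subject and accepts it for any `victim.example` host, while the RDN-aware extractor returns `attacker.example` and rejects it. A production verifier should additionally prefer the certificate's subjectAltName dNSName entries over the CN, since the CN is a free-form field that was never designed to carry hostnames.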

According to the researcher, CyanogenMod's browser does not appear to be patched, so the attack remains possible. However, in a statement on the CyanogenMod Blog, the team rejected the vulnerability claims as inaccurate. According to the CM team, only Android 4.3 and below can be attacked using this method. The team assured users that it takes all security reports seriously and is working hard to make CyanogenMod the safest Android distribution available.

