CVE-2017-9820 in BHIM

Summary

by MITRE

The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.

Analysis

by VulDB Data Team • 05/04/2023

The vulnerability identified as CVE-2017-9820 affects version 1.3 of the National Payments Corporation of India BHIM application for Android. This payment application implements a custom keypad whose integration with accessibility services creates a security risk. The custom keypad, designed to provide users with a secure input method for sensitive financial transactions, inadvertently exposes its input elements to accessibility services running on the device. This design flaw undermines the intended security controls by creating an attack vector that bypasses the application's authentication mechanisms. The vulnerability represents a critical weakness in the application's security architecture, as it allows unauthorized access to the payment processing interface through legitimate system services that assist users with disabilities.

The technical flaw stems from the application's failure to properly isolate the custom keypad input elements from system accessibility services. When an accessibility service attempts to interact with the application interface, it can access the custom keypad components through the standard Android accessibility framework. This occurs because the custom keypad does not implement proper accessibility service restrictions or input element isolation mechanisms that would normally prevent such exposure. The vulnerability is classified under CWE-284 Access Control, specifically related to insufficient access control mechanisms that allow unauthorized access to protected resources. The custom keypad implementation likely lacks proper security controls such as accessibility service permission checks, input element visibility restrictions, or proper view hierarchy management that would prevent unauthorized access.

The operational impact of this vulnerability extends beyond simple authentication bypass to broader security implications for mobile payment transactions. Attackers can leverage this vulnerability to capture sensitive input data from the custom keypad, potentially gaining access to PINs, passwords, or other authentication credentials required for financial transactions. This creates a significant risk for users conducting monetary transfers through the BHIM application, as the attacker can effectively impersonate legitimate users without proper authentication. The vulnerability also exposes the application to potential man-in-the-middle attacks where malicious actors can intercept and manipulate payment data during the authentication process. From an attacker's perspective, this represents a low-effort, high-impact vector that aligns with ATT&CK technique T1056.001 Input Injection, where attackers can inject malicious input through accessible interfaces.

Mitigation strategies for this vulnerability require immediate implementation of proper accessibility service restrictions within the custom keypad component. The application should implement accessibility service permission checks that prevent unauthorized access to sensitive input elements, and ensure that the custom keypad components are properly isolated from system accessibility services. Security controls must include proper view hierarchy management to prevent accessibility service interaction with authentication elements, and implementation of input element visibility restrictions that maintain the security boundaries of the custom keypad. Organizations should also consider implementing additional authentication layers such as multi-factor authentication, transaction verification mechanisms, and real-time monitoring of suspicious access patterns. The solution must address the root cause by ensuring that custom input components properly enforce access controls that align with industry standards for mobile application security and maintain the integrity of authentication mechanisms as defined in OWASP Mobile Top 10 and NIST SP 800-53 security controls.
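One way to apply the keypad isolation described above, as an added example that is not code from the BHIM application or from VulDB. The class name KeypadHardening and the keypad ViewGroup it receives are hypothetical; the Android framework calls are real.

```java
// Added example, not BHIM code. KeypadHardening and the keypad layout are hypothetical.
import android.os.Bundle;
import android.view.View;
import android.view.ViewGroup;
import android.view.accessibility.AccessibilityEvent;
import android.view.accessibility.AccessibilityNodeInfo;

public final class KeypadHardening {

    /** Delegate that reports no key labels and performs no service-issued actions. */
    private static final View.AccessibilityDelegate SILENT = new View.AccessibilityDelegate() {
        @Override
        public void onInitializeAccessibilityNodeInfo(View host, AccessibilityNodeInfo info) {
            super.onInitializeAccessibilityNodeInfo(host, info);
            info.setText(null);               // the key label is not reported
            info.setContentDescription(null);
            info.setClickable(false);
        }
        @Override
        public boolean performAccessibilityAction(View host, int action, Bundle args) {
            return false;                     // refuse ACTION_CLICK etc. coming from a service
        }
        @Override
        public void sendAccessibilityEventUnchecked(View host, AccessibilityEvent event) {
            // Drop click/focus events so key presses are not delivered to services.
        }
        @Override
        public boolean onRequestSendAccessibilityEvent(ViewGroup host, View child,
                                                       AccessibilityEvent event) {
            return false;                     // the container does not forward child events
        }
    };

    /** Call after the keypad layout is inflated, and again whenever keys are re-created. */
    public static void apply(ViewGroup keypad) {
        // Layer 1: leave the whole subtree out of the default accessibility tree.
        keypad.setImportantForAccessibility(
                View.IMPORTANT_FOR_ACCESSIBILITY_NO_HIDE_DESCENDANTS);
        // Layer 2: a service can still request not-important views
        // (AccessibilityServiceInfo.FLAG_INCLUDE_NOT_IMPORTANT_VIEWS), so scrub each node too.
        harden(keypad);
    }

    private static void harden(View v) {
        v.setAccessibilityDelegate(SILENT);
        if (v instanceof ViewGroup) {
            ViewGroup g = (ViewGroup) v;
            for (int i = 0; i < g.getChildCount(); i++) harden(g.getChildAt(i));
        }
    }
}
```

This also hides the keypad from screen readers, so it should be limited to the credential-entry view and paired with an alternative input path for users who rely on assistive technology.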

Reservation: 06/22/2017
Disclosure: 08/24/2018
Moderation: accepted
CPE: ready
EPSS: 0.00547
KEV: no
Activities: very low
