Soumettre #475733: union bank of india Vyom 8.0.34 Missing Immutable Root of Trust in Hardwareinformation

Titre	union bank of india Vyom 8.0.34 Missing Immutable Root of Trust in Hardware
Description	Vulnerability Title: Root Detection Bypass in Vyom App on Rooted Devices Description: The Vyom app has a vulnerability that allows root detection mechanisms to be bypassed on rooted devices. This bypass can enable attackers to exploit sensitive app functionalities, potentially exposing user data or granting unauthorized access to restricted features. Technical Details: Issue: The app's root detection implementation can be bypassed, possibly due to weak or improper checks for rooted environments. Impact: This flaw allows the application to run on devices with root access, undermining its security measures. Environment: Observed on [Android 12, 8.0.34]. Reproduction: By utilizing tools or scripts to hide root status (e.g., Magisk Hide), the application operates without restrictions, indicating inadequate root detection mechanisms. Risk Assessment: Severity: Medium to High (depending on the app's functionality and the data it handles). Likelihood of Exploit: High (requires commonly available root-hiding tools). Impact: Potential exposure of sensitive user data, bypass of security restrictions, or elevation of privileges within the app. Recommendations: Implement robust root detection mechanisms using multiple checks (e.g., checking for modified binaries, common root management tools, or traces of root). Regularly update root detection logic to counter emerging bypass techniques. Consider adding device attestation mechanisms (e.g., SafetyNet or equivalent). Additional Information: Reporter: [Mustafa Alotwala]. Discovery Date: [1-7-2025]. References / POC : https://drive.google.com/file/d/1kIXsZoD1FFps0bXQ1pbrfoo76Wy1pL7s/view?usp=drivesdk
La source	⚠️ https://drive.google.com/file/d/1kIXsZoD1FFps0bXQ1pbrfoo76Wy1pL7s/view?usp=drivesdk
Utilisateur	Mustafa_alotwala (UID 79852)
Soumission	07/01/2025 02:02 (il y a 1 Année)
Modérer	19/01/2025 09:08 (12 days later)
Statut	Accepté
Entrée VulDB	292540 [Union Bank of India Vyom 8.0.34 sur Android Rooting Detection élévation de privilèges]
Points	20

◂ Précédent Aperçu Suivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!