提出 #475733: union bank of india Vyom 8.0.34 Missing Immutable Root of Trust in Hardware情報

タイトルunion bank of india Vyom 8.0.34 Missing Immutable Root of Trust in Hardware
説明Vulnerability Title: Root Detection Bypass in Vyom App on Rooted Devices Description: The Vyom app has a vulnerability that allows root detection mechanisms to be bypassed on rooted devices. This bypass can enable attackers to exploit sensitive app functionalities, potentially exposing user data or granting unauthorized access to restricted features. Technical Details: Issue: The app's root detection implementation can be bypassed, possibly due to weak or improper checks for rooted environments. Impact: This flaw allows the application to run on devices with root access, undermining its security measures. Environment: Observed on [Android 12, 8.0.34]. Reproduction: By utilizing tools or scripts to hide root status (e.g., Magisk Hide), the application operates without restrictions, indicating inadequate root detection mechanisms. Risk Assessment: Severity: Medium to High (depending on the app's functionality and the data it handles). Likelihood of Exploit: High (requires commonly available root-hiding tools). Impact: Potential exposure of sensitive user data, bypass of security restrictions, or elevation of privileges within the app. Recommendations: Implement robust root detection mechanisms using multiple checks (e.g., checking for modified binaries, common root management tools, or traces of root). Regularly update root detection logic to counter emerging bypass techniques. Consider adding device attestation mechanisms (e.g., SafetyNet or equivalent). Additional Information: Reporter: [Mustafa Alotwala]. Discovery Date: [1-7-2025]. References / POC : https://drive.google.com/file/d/1kIXsZoD1FFps0bXQ1pbrfoo76Wy1pL7s/view?usp=drivesdk
ソース⚠️ https://drive.google.com/file/d/1kIXsZoD1FFps0bXQ1pbrfoo76Wy1pL7s/view?usp=drivesdk
ユーザー
 Mustafa_alotwala (UID 79852)
送信2025年01月07日 02:02 (1 年 ago)
モデレーション2025年01月19日 09:08 (12 days later)
ステータス承諾済み
VulDBエントリ292540 [Union Bank of India Vyom 8.0.34 上 Android Rooting Detection 特権昇格]
ポイント20

概要

Do you want to use VulDB in your project?

Use the official API to access entries easily!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>