Submit #475733: union bank of india Vyom 8.0.34 Missing Immutable Root of Trust in Hardwareinfo

Title	union bank of india Vyom 8.0.34 Missing Immutable Root of Trust in Hardware
Description	Vulnerability Title: Root Detection Bypass in Vyom App on Rooted Devices Description: The Vyom app has a vulnerability that allows root detection mechanisms to be bypassed on rooted devices. This bypass can enable attackers to exploit sensitive app functionalities, potentially exposing user data or granting unauthorized access to restricted features. Technical Details: Issue: The app's root detection implementation can be bypassed, possibly due to weak or improper checks for rooted environments. Impact: This flaw allows the application to run on devices with root access, undermining its security measures. Environment: Observed on [Android 12, 8.0.34]. Reproduction: By utilizing tools or scripts to hide root status (e.g., Magisk Hide), the application operates without restrictions, indicating inadequate root detection mechanisms. Risk Assessment: Severity: Medium to High (depending on the app's functionality and the data it handles). Likelihood of Exploit: High (requires commonly available root-hiding tools). Impact: Potential exposure of sensitive user data, bypass of security restrictions, or elevation of privileges within the app. Recommendations: Implement robust root detection mechanisms using multiple checks (e.g., checking for modified binaries, common root management tools, or traces of root). Regularly update root detection logic to counter emerging bypass techniques. Consider adding device attestation mechanisms (e.g., SafetyNet or equivalent). Additional Information: Reporter: [Mustafa Alotwala]. Discovery Date: [1-7-2025]. References / POC : https://drive.google.com/file/d/1kIXsZoD1FFps0bXQ1pbrfoo76Wy1pL7s/view?usp=drivesdk
Source	⚠️ https://drive.google.com/file/d/1kIXsZoD1FFps0bXQ1pbrfoo76Wy1pL7s/view?usp=drivesdk
User	Mustafa_alotwala (UID 79852)
Submission	01/07/2025 02:02 (1 Year ago)
Moderation	01/19/2025 09:08 (12 days later)
Status	Accepted
VulDB entry	292540 [Union Bank of India Vyom 8.0.34 on Android Rooting Detection protection mechanism]
Points	20

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!