[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MIUI Torch Open Vulnerability



MIUI Torch Open Vulnerability
I. Summary
com.android.systemui is the corresponding package of MiuiSystemUI.apk, a MIUI system application that manages user 

interface and other functions. When started by NFC tag, the torch in NFC mobile phone will be open automatically.    
-----------------------------------------------------------------
II. Description
construct a  message as follow:
D4 0F 14 61 6E 64 72 6F 69 64 2E 63 6F 6D 3A 70
6B 67 63 6F 6D 2E 61 6E 64 72 6F 69 64 2E 73 79
73 74 65 6D 75 69
Then write the message to NFC tag. 
Touch the NFC tag with Samsung GT-I9300(installed with MIUI 5.30, an Android ROM), the torch will be turned on 

automatically.
------------------------------------------------------------------
III. Impact
This bug cause the torch of MIUI turned on automatically
------------------------------------------------------------------
IV. Affected
MIUI  4.1.17/5.30 
other versions we don't test.
------------------------------------------------------------------
V. Solution