INTSIG CamScanner Improper Component Export Vulnerability in Android

Vulnerability

A vulnerability exists in the INTSIG CamScanner application for Android, specifically in version 6.91.1.5.250711. The issue arises from an improper export of application components, allowing malicious apps to inherit permissions from vulnerable ones. This misconfiguration, located in the AndroidManifest.xml file of the com.intsig.camscanner component, can lead to task hijacking, where an attacker manipulates or takes over tasks in Android. Exploitation requires local access, and the issue applies to all Android versions prior to Android 11.

Impact

Exploitation of this vulnerability allows for task hijacking, where a malicious application can take over tasks from a legitimate app, potentially leading to the theft of sensitive information. This is achieved by creating a phishing scenario where the user believes they are interacting with the legitimate app, while in reality, they are providing information to the malicious one.

Reproduction

To reproduce this vulnerability, a malicious app must be created that exploits the improper component export in CamScanner. This app should be designed to hijack tasks from CamScanner by setting the taskAffinity attribute to match that of the vulnerable app. Once the malicious app is installed and its task is brought to the foreground, opening CamScanner will trigger the hijacking, displaying the phishing activity instead of the app's original interface.

Remediation

Users can mitigate this vulnerability by updating to a version of CamScanner that addresses the task hijacking issue. Additionally, developers should set the taskAffinity property of their application's activities to use a randomly generated task affinity or enforce a specific task affinity that does not overlap with other applications.
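
The developer-side remediation above, as an added example (not code from CamScanner or from this advisory): a Python check over a decoded AndroidManifest.xml that flags activities whose task affinity resolves to the package name, which is the platform default when android:taskAffinity is not set. The manifest and the package name com.example.scanner are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS

# Constructed sample manifest (placeholder package, not CamScanner's real manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.scanner">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".ShareActivity" android:exported="true"
        android:taskAffinity=""/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""

def effective_affinity(activity, app, package):
    """Resolve taskAffinity: activity attribute, else application attribute, else package name."""
    for node in (activity, app):
        value = node.get(A + "taskAffinity")
        if value is not None:
            return value
    return package

def audit_task_affinity(manifest_xml):
    """Return (activity name, affinity) for activities whose affinity is the predictable package name."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    app = root.find("application")
    findings = []
    for activity in app.findall("activity"):
        affinity = effective_affinity(activity, app, package)
        if affinity == package:
            findings.append((activity.get(A + "name"), affinity))
    return findings

if __name__ == "__main__":
    for name, affinity in audit_task_affinity(SAMPLE_MANIFEST):
        print(f"{name}: taskAffinity resolves to '{affinity}'; set android:taskAffinity explicitly")
```

An empty android:taskAffinity on the application element is inherited by every activity that does not override it, so the same check returns no findings for a manifest hardened that way.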

Added: Sep 19, 2025, 3:20 PM
Updated: Sep 19, 2025, 5:24 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 1.7
exploitability: 5.8
remediation: 6.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.