Rejseplanen App Task Hijacking Vulnerability

A task hijacking vulnerability has been identified in the Rejseplanen App, specifically in versions through 8.2.2. This vulnerability arises from an improper export of Android application components in the AndroidManifest.xml file of the component de.hafas.android.rejseplanen. The issue allows malicious apps to inherit permissions from vulnerable apps, creating opportunities for phishing attacks by manipulating or taking over tasks within Android. The vulnerability affects all Android versions prior to Android 11, and exploitation requires local access.

Impact

Exploitation of this vulnerability allows for task hijacking, where a malicious application can take over a legitimate app's task, potentially leading to the theft of sensitive information from the user.

Reproduction

To reproduce this vulnerability, a malicious app must be created with a task affinity that matches the vulnerable Rejseplanen app. Once this malicious app is installed, it can hijack the task of the Rejseplanen app when both are used on the device. This is achieved by exploiting the default task affinity setting, which can be manipulated to create a phishing scenario.

Remediation

Users can mitigate this vulnerability by updating to a version of the Rejseplanen App that is not affected, or by modifying the AndroidManifest.xml file to properly restrict exported components.