Mobile Next Mobile MCP Arbitrary Intent Execution Vulnerability
Vulnerability
A vulnerability in Mobile Next's MCP server for mobile development and automation, prior to version 0.0.50, allows the 'mobile_open_url' tool to pass user-supplied URLs directly to Android's intent system without validating the URL scheme. This oversight enables the execution of arbitrary Android intents, such as USSD codes, phone calls, SMS messages, and access to content providers. Because the scheme is never checked before the URL reaches the intent system, any scheme the connected device's intent resolver handles can be triggered from a crafted URL.
Impact
Exploitation of this vulnerability could lead to the unauthorized execution of USSD codes, initiation of phone calls to premium rate numbers, drafting of SMS messages with attacker-controlled content, access to sensitive content providers like contacts and call logs, and opening app installation prompts.
Reproduction
The vulnerability can be reproduced by sending a prompt injection that includes a URL with a malicious scheme, such as 'tel:' or 'sms:'. This can be done using the 'mobile_open_url' tool, specifying a device ID and the crafted URL. For example, a URL could be crafted to execute a USSD code or to open the SMS app with a pre-filled message.
Remediation
Users are advised to upgrade to version 0.0.50 or later, which restricts the 'mobile_open_url' tool to 'http://' and 'https://' schemes by default. Those who need to use other URL schemes can enable them by setting the 'MOBILEMCP_ALLOW_UNSAFE_URLS' environment variable to '1'.
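As an added illustration (not the mobile-mcp project's own code), the scheme allowlist the fix describes, written in TypeScript: 'http:' and 'https:' pass by default, any other scheme passes only when MOBILEMCP_ALLOW_UNSAFE_URLS is exactly '1', and scheme-less or malformed input is rejected. The adb 'am start' VIEW intent in buildOpenUrlArgs is an assumed mechanism, not something the advisory states.

```typescript
// Added example (not mobile-mcp's own code): scheme allowlist for a
// 'mobile_open_url'-style tool, following the behaviour the advisory describes.

const DEFAULT_ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const UNSAFE_ENV = "MOBILEMCP_ALLOW_UNSAFE_URLS"; // variable named in the advisory

interface UrlDecision {
  allowed: boolean;
  scheme: string | null; // WHATWG protocol such as "https:", or null if unparseable
  href: string | null;   // normalized URL to hand on, or null if unparseable
  reason: string;
}

// Decide whether a URL may be handed to the device. `env` is passed explicitly
// (instead of reading process.env) so the policy can be tested in isolation.
function checkOpenUrl(rawUrl: string, env: Record<string, string | undefined> = {}): UrlDecision {
  let parsed: URL;
  try {
    // The WHATWG parser trims surrounding whitespace and lowercases the scheme,
    // so "  HTTPS://..." and "https://..." are judged the same way.
    parsed = new URL(rawUrl);
  } catch {
    // No scheme or malformed input: reject instead of letting the intent resolver guess.
    return { allowed: false, scheme: null, href: null, reason: "malformed or scheme-less URL" };
  }
  const scheme = parsed.protocol;
  const href = parsed.href;
  if (DEFAULT_ALLOWED_SCHEMES.has(scheme)) {
    return { allowed: true, scheme, href, reason: "web scheme allowed by default" };
  }
  if (env[UNSAFE_ENV] === "1") {
    // Explicit opt-in: the operator accepted non-web schemes for this deployment.
    return { allowed: true, scheme, href, reason: `non-web scheme permitted because ${UNSAFE_ENV}=1` };
  }
  return { allowed: false, scheme, href, reason: `scheme ${scheme} blocked; set ${UNSAFE_ENV}=1 to allow` };
}

// Build the device command only after the check passes; returns null when blocked.
// Assumption: the tool shells out to adb with a VIEW intent (not stated on the page).
function buildOpenUrlArgs(
  deviceId: string,
  rawUrl: string,
  env: Record<string, string | undefined> = {},
): string[] | null {
  const decision = checkOpenUrl(rawUrl, env);
  if (!decision.allowed || decision.href === null) return null;
  return ["adb", "-s", deviceId, "shell", "am", "start",
          "-a", "android.intent.action.VIEW", "-d", decision.href];
}
```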