Freedom Factory dGEN1 Improper Authorization Vulnerability in Alarm Application Allowing Denial-of-Service

Vulnerability

A vulnerability exists in the DGEN Alarm application on Freedom Factory dGEN1 devices running versions prior to 20260221. The issue lies in the component 'com.dgen.alarm', where an exported BroadcastReceiver lacks proper authorization checks. Because the receiver does not validate the caller's identity, any local application, including a malicious one, can trigger alarm playback without authentication. Exploitation can lead to multiple overlapping MediaPlayer instances, causing persistent audio playback and a denial-of-service condition on the device.
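One way to audit a decoded AndroidManifest.xml for the flaw class described above, an exported receiver with no caller-permission requirement. This is an added example, not code from the advisory or the vendor. The receiver class names, the HYPOTHETICAL_* permission and action, and the sample manifest are constructed; only the package name and the ALARM_TRIGGERED action come from this page.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest; receiver names and the HYPOTHETICAL_* permission
# and action are placeholders, not the vendor's real identifiers.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.dgen.alarm">
  <permission android:name="com.dgen.alarm.permission.HYPOTHETICAL_TRIGGER" android:protectionLevel="signature"/>
  <application>
    <receiver android:name=".HypotheticalAlarmReceiver" android:exported="true">
      <intent-filter><action android:name="com.dgen.alarm.ALARM_TRIGGERED"/></intent-filter>
    </receiver>
    <receiver android:name=".HypotheticalGuardedReceiver" android:exported="true"
              android:permission="com.dgen.alarm.permission.HYPOTHETICAL_TRIGGER">
      <intent-filter><action android:name="com.dgen.alarm.ALARM_TRIGGERED"/></intent-filter>
    </receiver>
    <receiver android:name=".HypotheticalImplicitReceiver">
      <intent-filter><action android:name="com.dgen.alarm.HYPOTHETICAL_SNOOZE"/></intent-filter>
    </receiver>
    <receiver android:name=".HypotheticalInternalReceiver" android:exported="false"/>
  </application>
</manifest>"""

def audit_receivers(manifest_xml):
    """Return (receiver, actions, reason) for receivers any local app can broadcast to."""
    root = ET.fromstring(manifest_xml)
    # protectionLevel of permissions this app declares; it defaults to "normal".
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.iter("permission")}
    findings = []
    for rcv in root.iter("receiver"):
        actions = [a.get(A + "name") for a in rcv.iter("action")]
        exported = rcv.get(A + "exported")
        # No attribute: exported by default if an intent-filter exists (pre-Android 12 targets).
        if not (exported == "true" or (exported is None and actions)):
            continue
        perm = rcv.get(A + "permission")
        if perm is None:
            reason = "no android:permission"
        elif "signature" not in levels.get(perm, "signature"):
            # Assumption: permissions not declared here are platform ones, reviewed separately.
            reason = "permission %s is %s" % (perm, levels[perm])
        else:
            continue
        findings.append((rcv.get(A + "name"), actions, reason))
    return findings

if __name__ == "__main__":
    print(audit_receivers(SAMPLE))
```
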

Impact

Exploitation of this vulnerability allows for silent alarm creation and repeated triggering of alarms, causing multiple MediaPlayer instances to play audio simultaneously. This persistent playback creates a denial-of-service condition, making the device difficult or impossible to use until the alarms are manually stopped.

Reproduction

To reproduce this vulnerability, set an alarm using the 'SET_ALARM' action while skipping the user interface. Then, broadcast the 'com.dgen.alarm.ALARM_TRIGGERED' action repeatedly. This will trigger the alarm service multiple times, creating overlapping audio playback that persists until manually interrupted.

Added: Mar 7, 2026, 7:18 PM
Updated: Mar 7, 2026, 7:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 4.6
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.