Path Traversal Vulnerability in 'com.smartwho.SmartFileManager' 3.1.2 for Android
# Disclosure Date: 30/01/2014
# Author: Keith Makan
# Vendor or Software Link: com.smartwho.SmartFileManager
# Version: 3.1.2
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools : Drozer, Bash
com.smartwho.SmartFileManager (aka Android File Manager) suffers from a Path Traversal Vulnerability, which grants unauthorized applications read access to a victims device file system.
This vulnerability stems from a lack of permissions inforcement in a file supporting content provider, namely:
<provider android:name="com.smartwho.SmartFileManager.FileManagerProvider" android:authorities="com.smartwho.SmartFileManager" />
The code above does not make use of the android:permission , android:readPermission or android:writePermission xml elements which allows applications to leak the android.permission.READ_EXTERNAL_STORAGE permission.
The mentioned vulnerability allows applications with to enumerate the contents--within the access writes of the affected application--of a victims local file system without requiring the android.permission.READ_EXTERNAL_STORAGE permission.
Currently an estimated 1,000,000 - 5,000,000 installs are affected.
1. Original Disclosure (30/01/2014)
2. -- No Response from Developer/Vendor
3. Public Advisory Publication (09/02/2014)