Unrestricted SmsReceiver Receiver in Android before 5.0.0

CVE-2014-8610 · LOW Severity

AV:L/AC:M/Au:N/C:P/I:P/A:N

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
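
A defender-side check for this class of manifest flaw, added here as an illustration and not taken from the advisory or from AOSP: it lists broadcast receivers that other apps can reach but that declare no `android:permission`. Both manifest fragments are constructed; the `com.android.mms` package and the `.transaction.SmsReceiver` name are assumptions, and only the action string comes from the description above.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed fragment modelling the flaw: exported receiver, no permission required.
UNPROTECTED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.android.mms">
  <application>
    <receiver android:name=".transaction.SmsReceiver">
      <intent-filter>
        <action android:name="com.android.mms.transaction.MESSAGE_SENT"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed corrected form: senders must hold SEND_SMS to reach the receiver.
PROTECTED = UNPROTECTED.replace(
    "<receiver ", '<receiver android:permission="android.permission.SEND_SMS" ')


def unprotected_receivers(manifest_xml):
    """Return (receiver name, actions) for receivers any app can broadcast to."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for app in root.iter("application"):
        # A permission on <application> is the default for all its components.
        app_perm = app.get(A + "permission")
        for rcv in app.iter("receiver"):
            actions = [a.get(A + "name") for a in rcv.iter("action")]
            exported = rcv.get(A + "exported")
            # Historic default: a receiver with an intent-filter is exported
            # unless android:exported="false" is set explicitly.
            is_exported = exported == "true" or (exported is None and bool(actions))
            if is_exported and not (rcv.get(A + "permission") or app_perm):
                findings.append((rcv.get(A + "name"), actions))
    return findings


if __name__ == "__main__":
    for label, xml in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(label, unprotected_receivers(xml))
```
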
