Security/Reviews/Gaia/Dialer: Difference between revisions

Line 80: Line 80:
The dial handler does not actually dial numbers. The only thing it does is ask the KeypadManager to enter the number. The user will always have to tap the dial button before a call is being made.
The dial handler does not actually dial numbers. The only thing it does is ask the KeypadManager to enter the number. The user will always have to tap the dial button before a call is being made.


TODO Does the KeypadManager do any filtering / checking on the number?
*ISSUES:* The dialer does not correctly validate input. I was able to do multiple malicious things:
TODO What happens if we pass something bad for the number
 
TODO Is it possible to make the keypad show number 123 while dialing a different number through some content or font rendering attack?
* {{bug|845383}} Dialer accepts super long phone number which breaks the phone until reboot
* {{bug|845361}} Dialer does not correctly validate input to the dial activity handler
* {{bug|845045}} Dialer can be tricked into displaying one number but dialing another
 
*ACTION:* We need better defensive coding around input taken from activities.


==== System Messages ====
==== System Messages ====
Confirmed users
971

edits