CAPEC-501: Android Activity Hijack
ID
CAPEC-501
Typical Severity
Medium
Status
Draft
An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | weakness |