Authorization / Notification Spoofing

Android, Mobile App

Description

Notification spoofing is an authorization vulnerability that occurs when a malicious user impersonates another user or an application and sends an unauthorized notification. The spoofed notification is usually sent to a user or application, often in order to gain access to sensitive data or to perform malicious activities. The vulnerability is classified as CWE-287: Improper Authentication, and it is identified as a test case in the OWASP Testing Guide. It can be found in Android and mobile application platforms, where it can allow an attacker to gain access to sensitive data or to bypass authentication.

Risk

Notification spoofing can have serious implications for both users and organizations. By sending malicious notifications, an attacker can gain access to confidential information, or can cause a denial of service. Additionally, an attacker can use notification spoofing to bypass authentication, which can lead to unauthorized access to sensitive data.

Solution

To mitigate the risk of notification spoofing, organizations should ensure that they use strong authentication methods, and that they implement software that is designed to detect and prevent spoofed notifications. Additionally, organizations should ensure that they use secure communication protocols, and that they regularly review the security of their applications.
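
One way to apply the authentication advice above, as an added example that is not part of the original page: the app displays a backend-originated notification only if its fields carry a valid ECDSA signature from the backend and a recent timestamp. The class name, field layout, key handling and five-minute window are assumptions, and the key pair and messages in main are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class NotificationVerifier {
    static final long MAX_AGE_MS = 5 * 60 * 1000; // assumed freshness window

    // Bytes covered by the signature: sender NUL timestamp NUL text (assumed layout).
    static byte[] canonical(String sender, long sentAtMs, String text) {
        return (sender + "\0" + sentAtMs + "\0" + text).getBytes(StandardCharsets.UTF_8);
    }

    // App side: true only for a fresh payload signed by the backend key.
    static boolean accept(PublicKey backendKey, String sender, long sentAtMs,
                          String text, byte[] sig, long nowMs) {
        if (sender.indexOf('\0') >= 0) return false;               // keeps the layout unambiguous
        if (Math.abs(nowMs - sentAtMs) > MAX_AGE_MS) return false; // stale: limits replay
        try {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(backendKey);
            s.update(canonical(sender, sentAtMs, text));
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or key: treat as spoofed
        }
    }

    // Backend side: signs the same canonical bytes with the private key.
    static byte[] sign(PrivateKey key, String sender, long sentAtMs, String text)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(canonical(sender, sentAtMs, text));
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair kp = gen.generateKeyPair(); // constructed demo key pair
        long now = 1_700_000_000_000L;      // constructed timestamp
        byte[] sig = sign(kp.getPrivate(), "backend", now, "Login from new device");
        PublicKey pub = kp.getPublic();
        System.out.println("genuine:      " + accept(pub, "backend", now, "Login from new device", sig, now));
        System.out.println("altered text: " + accept(pub, "backend", now, "malicious message", sig, now));
        System.out.println("forged sig:   " + accept(pub, "backend", now, "Login from new device", new byte[8], now));
        System.out.println("replayed:     " + accept(pub, "backend", now, "Login from new device", sig, now + 600_000));
    }
}
```

Only the public key ships in the app, so extracting it from the package does not let anyone sign notifications.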

Example

The following code is an example of a malicious notification spoofing attack, taken from the CVE directory.

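import android.app.Notification;
import android.app.NotificationManager;
import android.content.Context;

// Fragment: runs inside an app component where `context` is a valid Context.
// Title, text and icon are all chosen by the posting app.
String maliciousNotification = "malicious message";

NotificationManager notifManager = (NotificationManager) context.getSystemService(Context.NOTIFICATION_SERVICE);
// Notification.Builder(Context) is deprecated since API level 26; newer code passes a notification channel id.
Notification notif = new Notification.Builder(context)
        .setContentTitle("Notification Spoofing Attack")
        .setContentText(maliciousNotification)
        .setSmallIcon(R.drawable.icon_malicious_notif)
        .build();

notifManager.notify(0, notif);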
