Firefox for Android Vulnerabilities
Lookout Coverage and Recommendation for Admins
Without Lookout on the device, there’s no way for a targeted individual to know this attack is taking place. Whether the attacker is trying to deliver a phishing link or install malware, Lookout will detect and protect against both types of malicious activity.
Lookout will detect outdated versions of the Android Firefox app as part of its default policy that alerts a user if an app on their device has an exploitable vulnerability. The admin can then customize the policy to set a risk level and response that align with their organization’s security policies.
Overview
A vulnerability in the Android version of the Firefox mobile app was recently discovered by an independent researcher. For Firefox v68.11.0 and below, there is a vulnerability in the Wi-Fi protocols that could allow an attacker to trigger actions on a victim’s device if the two are connected to the same Wi-Fi network.
By exploiting this vulnerability, the attacker can trigger the device to perform unauthorized functions. Some of these functions require no action by the end user, such as redirecting the Firefox browser to a phishing site. If the attacker wants to convince the target to download a malicious app, they can have the device prompt the user to do so. To create greater impact, the attacker could make this part of a larger exploit chain by using it in combination with other device or app vulnerabilities that the victim is subject to.
Lookout Analysis
In order for this attack to be successful, the target device must have a vulnerable version of the Firefox app installed and be connected to the same Wi-Fi network as the attacker. Since this vulnerability is cause by a lack of input validation for SSDP (Simple Service Delivery Protocol), the threat actor can send a crafted SSDP message to the target device to carry out the attack. Until something executes on the device and a there’s a notification on the target’s device, they wouldn’t know this was all happening.