CVE-2023-47889
Description
The Android application BINHDRM26 com.bdrm.superreboot 1.0.3 exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot and entering recovery mode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Android app com.bdrm.superreboot 1.0.3 exposes exported broadcast receivers allowing any app to power off, reboot, or enter recovery mode without authorization.
Vulnerability
The Android application com.bdrm.superreboot version 1.0.3 exposes several critical actions through its exported broadcast receivers, particularly PowerOffWidgetReceiver. These receivers respond to implicit intents with actions such as POWER_OFF, REBOOT, RECOVERY, BOOTLOADER, DOWNLOAD, RESTART, and SAFE_MODE. No special configuration is required; the vulnerability exists as soon as the app is installed on the device [1].
Exploitation
An attacker needs only the ability to run any unprivileged app on the same Android device. No additional permissions or user interaction are required. The attacker can send a broadcast intent with the appropriate action string (e.g., POWER_OFF) to the exported receiver. A proof-of-concept Java snippet demonstrates sending context.sendBroadcast(intent) with the action set, and an ADB command adb shell am broadcast -a POWER_OFF -n com.bdrm.superreboot/.PowerOffWidgetReceiver also works [1].
Impact
A successful exploit allows the attacker to trigger device reboot, power off, entry into recovery/bootloader/download mode, restart of system processes, or boot into safe mode. These actions can cause unexpected behavior, data loss, or temporary denial of service, rendering the device unusable until manual intervention [1].
Mitigation
No official patched version has been released as of the publication date. The developer should set android:exported="false" on broadcast receivers that do not need to be accessed by other apps, implement permissions via android:permission, and verify the sender of intents. Users can uninstall the app or use a device policy to block untrusted apps from sending broadcasts [1].
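The manifest changes the mitigation describes, as an added illustration rather than the app's actual manifest: the weak declaration that matches the issue above, followed by two alternative hardened declarations of the same receiver (only one would appear in a real manifest). The custom permission name, the widget resource name and the namespaced action name are assumptions.

```xml
<!-- Weak configuration (reconstructed shape of the issue, not the app's real manifest).
     An exported receiver with an <intent-filter> answers implicit broadcasts from any
     app on the device, so bare action strings like POWER_OFF are reachable by anyone. -->
<receiver
    android:name=".PowerOffWidgetReceiver"
    android:exported="true">
    <intent-filter>
        <action android:name="POWER_OFF" />
        <action android:name="REBOOT" />
        <action android:name="RECOVERY" />
    </intent-filter>
</receiver>

<!-- Hardened alternative 1: keep the receiver private.
     Per the app-widget documentation, an AppWidgetProvider does not need to be exported
     for APPWIDGET_UPDATE broadcasts from the system to reach it. Third-party apps can no
     longer target it; the app's own widget buttons use explicit PendingIntents instead
     of public action strings. -->
<receiver
    android:name=".PowerOffWidgetReceiver"
    android:exported="false">
    <intent-filter>
        <action android:name="android.appwidget.action.APPWIDGET_UPDATE" />
    </intent-filter>
    <meta-data
        android:name="android.appwidget.provider"
        android:resource="@xml/power_widget_info" /> <!-- resource name assumed -->
</receiver>

<!-- Hardened alternative 2: another app by the same developer must trigger the action.
     Gate the receiver behind a signature-level custom permission (name assumed). Only
     apps signed with the same certificate can hold it, so the system refuses delivery
     from any other sender before onReceive() runs. The action is also namespaced so it
     cannot collide with generic strings broadcast by unrelated apps. -->
<permission
    android:name="com.bdrm.superreboot.permission.POWER_CONTROL"
    android:protectionLevel="signature" />

<receiver
    android:name=".PowerOffWidgetReceiver"
    android:exported="true"
    android:permission="com.bdrm.superreboot.permission.POWER_CONTROL">
    <intent-filter>
        <action android:name="com.bdrm.superreboot.action.POWER_OFF" />
    </intent-filter>
</receiver>
```

After either change, the `adb shell am broadcast` command quoted above is rejected with a permission or "not exported" error, which is a quick way to confirm the fix on a test build.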
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- bdrm/superreboot
- Range: =1.0.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.