System Property Modification Vulnerability in Vivo V7 by Vivo
CVE-2018-15002
4.7MEDIUM
What is CVE-2018-15002?
The Vivo V7 device is susceptible to a vulnerability that permits any application co-located on the device to modify system properties, specifically through an exported service in the com.qualcomm.qti.modemtestmode app. This vulnerability allows apps to set key-value pairs for system properties that are retained even after a reboot. A notable misuse of this vulnerability is the ability to log user touchscreen inputs by enabling the persist.sys.input.log property, facilitating potential privacy breaches. Furthermore, the log data can be accessed through an existing vulnerability, requiring only the READ_EXTERNAL_STORAGE permission to expose sensitive user interactions.