CVE-2018-17403 : Security Advisory and Response

PhonePe wallet app for Android versions 3.0.6 through 3.3.26 has a potential vulnerability allowing attackers to create accounts without user consent.

Understanding CVE-2018-17403

The vulnerability in the PhonePe wallet app for Android could lead to unauthorized account creation by attackers.

What is CVE-2018-17403?

The PhonePe wallet app for Android versions 3.0.6 through 3.3.26 is susceptible to exploitation, enabling attackers to create accounts without user knowledge.

The Impact of CVE-2018-17403

Attackers can create accounts on behalf of users without their consent.
Users are required to install a malicious app and grant accessibility permission for exploitation.
Android platform warns users before enabling accessibility for any application.
Vendor compares this vulnerability to installing malicious keyboards or apps capturing screenshots.

Technical Details of CVE-2018-17403

The technical aspects of the CVE-2018-17403 vulnerability are as follows:

Vulnerability Description

PhonePe wallet app for Android versions 3.0.6 through 3.3.26 is affected.

Affected Systems and Versions

Product: n/a
Vendor: n/a
Versions: 3.0.6 through 3.3.26

Exploitation Mechanism

Attackers need users to install a malicious app and grant accessibility permission.

Mitigation and Prevention

Steps to mitigate and prevent exploitation of CVE-2018-17403:

Immediate Steps to Take

Avoid installing apps from untrusted sources.
Be cautious when granting permissions to apps.

Long-Term Security Practices

Regularly update the PhonePe app to the latest version.
Enable security features on your Android device.

Patching and Updates

Stay informed about security updates for the PhonePe app.