This app demonstrates two high-severity permanent denial-of-service vulnerabilities in Android's WallpaperManagerService
that I discovered: CVE-2021-39670 and CVE-2021-39690.
After running either exploit, the device will keep repeatedly crashing and rebooting.
Write-up coming soon! :)
- Exploits the `setStream` API in `WallpaperManager` to exhaust device memory by setting a malicious bitmap file as the wallpaper.
- Appears to be very portable across manufacturers and device versions.
- Patch released in May 2022 Android Security Bulletin.
- Was patched by using a more efficient wallpaper decoder in `WallpaperManagerService`, and adding a file-based recovery system in case wallpaper still fails to be decoded.

- Exploits the display padding functionality in some Android phones to either crash `SurfaceFlinger` or exhaust device memory.
- I could only reproduce this vulnerability in Pixel devices with animated live wallpapers.
- Requires Android P or higher.
- Initial patch released in March 2022 Android Security Bulletin.
- Was initially patched by adding stricter input validation in `SurfaceFlinger`, and then fully mitigated by adding a padding limit in `WallpaperManager`.
As far as I'm aware, devices bricked due to these vulnerabilities can't be fixed except through factory reset. Please run this app at your own risk. Note that this project is provided for educational purposes only; please don't use it for malicious activities.