Rating: Low
Description:
If the secureStore.sqlite database gets corrupted, the app will get caught in an infinite loop in the onboarding screen. As it is extremely unlikely that the database gets corrupted during normal usage and the impact is rather low, this is not a security issue.
PoC:
The database has been purposely manipulated (on a jailbroken phone) using the following command:
The app will then continuously cycle through the app start screens.
If you willfully damage any component of an application there is always the risk that this application will no longer work correctly. On a jailbroken device, people could also modify some bytes of the actual executable, used libraries etc. - nearly impossible to do anything about it.
Thank you for your understanding that we can only accept issues that may be caused by regular use of the application. In other words: If the database can become corrupt by any action that can be done on a regular device with the regular app, we will accept such an issue. This one unfortunately needs to be closed.
Mit freundlichen Grüßen/Best regards,
SW
Corona Warn-App Open Source Team