CVE-2017-13322
📋 TL;DR
This vulnerability in Android's PhoneInterfaceManager allows local attackers to block emergency service calls through a logic error in the endCallForSubscriber function. It affects Android devices running vulnerable versions, requiring no user interaction or special privileges for exploitation.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
Android by Google
Android by Google
Android by Google
Android by Google
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of emergency services access, preventing users from calling 911 or other emergency numbers during critical situations.
Likely Case
Temporary disruption of emergency calling functionality until device restart or patch application.
If Mitigated
Minimal impact if patched promptly, with emergency services remaining accessible.
🎯 Exploit Status
Exploitation requires local access but no user interaction. The vulnerability is in system-level code but doesn't require elevated privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Patch Level 2018-05-01 or later
Vendor Advisory: https://source.android.com/security/bulletin/pixel/2018-05-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > Advanced > System update. 2. Install the May 2018 Android security patch or later. 3. Reboot the device after installation.
🔧 Temporary Workarounds
Disable unnecessary telephony apps
androidRemove or disable third-party calling/dialer apps that might trigger the vulnerable code path
adb shell pm disable-user <package_name>
🧯 If You Can't Patch
- Restrict physical access to devices and monitor for suspicious telephony app behavior
- Implement mobile device management (MDM) controls to detect and block malicious apps
🔍 How to Verify
Check if Vulnerable:
Check Android version and security patch level in Settings > About phone > Android version and Security patch levelCheck Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify security patch level is 2018-05-01 or later and test emergency calling functionality📡 Detection & Monitoring
Log Indicators:
- Multiple failed emergency call attempts
- Unexpected endCallForSubscriber invocations
- Telephony service crashes
Network Indicators:
- Repeated emergency call failures without network issues
SIEM Query:
source="android_logs" AND ("endCallForSubscriber" OR "emergency call failed")