CVE-2024-36062
📋 TL;DR
This vulnerability allows any Android application installed on the same device to place phone calls without user interaction by sending a crafted intent to the AI Call Assistant & Screener app. It affects Android users who have version 1.174 of the AI Call Assistant & Screener app installed.
💻 Affected Systems
- AI Call Assistant & Screener (com.callassistant.android)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious apps could place premium-rate calls, incurring significant charges, or make calls to emergency services causing service disruption.
Likely Case
Malware or compromised apps could place unwanted calls to contacts or random numbers, potentially revealing user contacts or causing minor charges.
If Mitigated
With proper app sandboxing and intent filtering, the impact would be limited to calls being placed without user consent but with no further system compromise.
🎯 Exploit Status
The GitHub reference contains exploit details. Any app can trigger this without user interaction.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - check Google Play Store for updates
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Open Google Play Store
2. Search for 'AI Call Assistant & Screener'
3. Check for app updates
4. Install any available update
🔧 Temporary Workarounds
Uninstall vulnerable app
Remove the AI Call Assistant & Screener app from the device
Settings > Apps > AI Call Assistant & Screener > Uninstall
Disable app
Disable the app if uninstallation is not possible
Settings > Apps > AI Call Assistant & Screener > Disable
🧯 If You Can't Patch
- Restrict installation of apps from unknown or untrusted sources
- Use Android's app permission monitoring to detect unusual call behavior
🔍 How to Verify
Check if Vulnerable:
Check the app version in Settings > Apps > AI Call Assistant & Screener > App info. If the version is 1.174, the device is vulnerable.
Check Version:
adb shell dumpsys package com.callassistant.android | grep versionName
Verify Fix Applied:
After updating, verify version is no longer 1.174. Test with a benign intent to confirm calls require user interaction.
📡 Detection & Monitoring
Log Indicators:
- Unexpected call logs from AI Call Assistant app
- Intents to com.callassistant.android.ui.call.incall.InCallActivity from other apps
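The second log indicator can be checked against a logcat capture. This is an added example, not code from this page or from the app's vendor; it assumes the activity manager's `START u0 {... cmp=...} from uid N` log line format and that the analyst supplies the app's own UID as the first argument. The sample log lines are constructed.

```shell
#!/bin/sh
# Flag starts of InCallActivity whose caller UID is not the app's own UID.
# Input: logcat text on stdin (for example the output of `adb logcat -d`).
# $1:    UID of com.callassistant.android on the device (supplied by the
#        analyst; the value used below is a constructed placeholder).
COMPONENT_RE='cmp=com[.]callassistant[.]android/(com[.]callassistant[.]android)?[.]ui[.]call[.]incall[.]InCallActivity[ }]'

foreign_incall_starts() {
    app_uid="$1"
    awk -v own="$app_uid" -v re="$COMPONENT_RE" '
        / START u[0-9]+ / && $0 ~ re {
            # The caller is logged as "from uid <n>" after the intent.
            if (match($0, /from uid [0-9]+/)) {
                uid = substr($0, RSTART + 9, RLENGTH - 9)
                # Print caller UID, a tab, then the original log line.
                if (uid != own) print uid "\t" $0
            }
        }'
}

# Constructed sample: one start by the app itself (uid 10234), one by a
# different app (uid 10311), and one unrelated activity start.
sample_log() {
    cat <<'EOF'
05-20 10:15:01.120  1523  2790 I ActivityTaskManager: START u0 {cmp=com.callassistant.android/.ui.call.incall.InCallActivity} from uid 10234
05-20 10:17:44.901  1523  3011 I ActivityTaskManager: START u0 {flg=0x10000000 cmp=com.callassistant.android/.ui.call.incall.InCallActivity (has extras)} from uid 10311
05-20 10:18:02.333  1523  3011 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.android.settings/.Settings} from uid 10311
EOF
}

# Demo run on the constructed sample: only the uid 10311 start is reported.
sample_log | foreign_incall_starts 10234
```

Each reported line begins with the calling UID, which can then be mapped to a package name on the device to identify the app that sent the intent.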
Network Indicators:
- Unexpected outgoing calls from devices with the app installed
SIEM Query:
Not applicable - this is a mobile app vulnerability