CVE-2024-53931
📋 TL;DR
This vulnerability lets any Android app installed on the same device, even one that holds no permissions at all, place phone calls without user interaction by sending a crafted intent to the iCaller app's DialerActivity component. The activity then places the call under iCaller's own privileges, so the attacking app never needs the phone permission itself. It affects users of the iCaller (Caller Theme & Dialer) Android application, version 1.1 and earlier. The resulting unauthorized calls can lead to toll fraud, harassment, or privacy violations.
💻 Affected Systems
- iCaller (Caller Theme & Dialer)
⚠️ Manual Verification Required
This CVE does not have a machine-readable version range in our database, so automatic vulnerability detection cannot determine whether your installation is affected.
Why? The NVD entry does not carry structured version ranges (none were provided by the vendor/NVD); the only version information is the "1.1 and earlier" stated in the description.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could place premium-rate international calls, incurring significant financial costs for the victim, or make calls to emergency services causing service disruption and potential legal consequences.
Likely Case
Malicious apps could place unauthorized calls to premium numbers, generate revenue for attackers through toll fraud, or make harassing calls to contacts.
If Mitigated
The vulnerability is blocked once DialerActivity stops honoring call requests from other apps: either it is no longer reachable from outside the app (not exported, or reachable only by callers that themselves hold the phone permission), or it requires an explicit user confirmation before dialing. Revoking iCaller's own Phone permission also prevents the call from completing.
🎯 Exploit Status
Exploitation requires a malicious app installed on the same device, but that app needs no permissions and no user interaction; it only has to send an intent to the exported DialerActivity. The GitHub reference contains proof-of-concept code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Uninstall the iCaller application immediately.
2. Check for updated versions from official app stores.
3. If an update is available, install it and verify the vulnerability is patched.
🔧 Temporary Workarounds
Uninstall iCaller App
Android: remove the vulnerable application from all Android devices
adb uninstall com.glitter.caller.screen
Disable App via ADB
Android: disable the application without uninstalling it
adb shell pm disable-user --user 0 com.glitter.caller.screen
🧯 If You Can't Patch
- Uninstall the iCaller application immediately
- Revoke the Phone permission from iCaller itself in Android's app permission settings so that calls it is tricked into placing cannot complete; denying Phone permission to other apps does not help, because the attacking app needs none
- Monitor phone bills for unauthorized calls
- Consider using alternative dialer applications from reputable vendors
🔍 How to Verify
Check if Vulnerable:
Check if com.glitter.caller.screen is installed: adb shell pm list packages | grep glitter
Check Version:
adb shell dumpsys package com.glitter.caller.screen | grep versionName
Verify Fix Applied:
Verify the app is no longer installed or has been updated to a version above 1.1
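The three checks above (package present, versionName at or below 1.1, fix applied) can be scripted. The following is an added example written for this page, not a script from the vendor or the CVE reference; it parses the output of the `pm list packages` and `dumpsys package` commands shown above, uses the real device through adb when adb is on PATH, and otherwise runs against constructed sample output embedded in the block. The "1.1 and earlier" threshold comes from the TL;DR; the sample dumpsys text is made up for illustration.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

PACKAGE = "com.glitter.caller.screen"   # iCaller package name named on this page
LAST_VULNERABLE = "1.1"                  # "version 1.1 and earlier" per the advisory


def version_tuple(v: str) -> Tuple[int, ...]:
    """Turn '1.1', '1.10' or '1.1.0-beta' into a numerically comparable tuple."""
    parts = []
    for p in v.strip().split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def version_leq(a: str, b: str) -> bool:
    """True if a <= b, padding so that '1.1' and '1.1.0' compare equal."""
    ta, tb = version_tuple(a), version_tuple(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) <= tb + (0,) * (n - len(tb))


def is_installed(pm_list_output: str, package: str = PACKAGE) -> bool:
    # `pm list packages` prints one 'package:<name>' per line. Match the whole
    # name rather than `grep glitter`, which would also hit unrelated packages.
    return any(line.strip() == f"package:{package}"
               for line in pm_list_output.splitlines())


def parse_version_name(dumpsys_output: str) -> Optional[str]:
    # `dumpsys package <pkg>` prints a 'versionName=<value>' line for the package
    m = re.search(r"versionName=(\S+)", dumpsys_output)
    return m.group(1) if m else None


def assess(pm_list_output: str, dumpsys_output: str) -> str:
    """Classify the device from the two command outputs."""
    if not is_installed(pm_list_output):
        return "not installed"
    v = parse_version_name(dumpsys_output)
    if v is None:
        return "installed, version unknown"
    if version_leq(v, LAST_VULNERABLE):
        return f"vulnerable (versionName {v} <= {LAST_VULNERABLE})"
    return f"patched (versionName {v} > {LAST_VULNERABLE})"


def adb(*args: str) -> str:
    return subprocess.run(["adb", *args], capture_output=True,
                          text=True, check=True).stdout


def assess_device() -> str:
    """Run the page's adb checks against the attached device (adb required)."""
    return assess(adb("shell", "pm", "list", "packages"),
                  adb("shell", "dumpsys", "package", PACKAGE))


# Constructed sample output standing in for a device with iCaller 1.1 installed.
SAMPLE_PM_LIST = """package:com.android.settings
package:com.glitter.caller.screen
package:com.android.dialer
"""
SAMPLE_DUMPSYS = """Packages:
  Package [com.glitter.caller.screen] (3a1f9c2):
    userId=10233
    versionCode=11 minSdk=21 targetSdk=33
    versionName=1.1
"""

if __name__ == "__main__":
    if shutil.which("adb"):
        print(assess_device())
    else:
        print(assess(SAMPLE_PM_LIST, SAMPLE_DUMPSYS))
```

After applying either workaround, rerun the script: an uninstalled package reports "not installed"; a disabled package is still listed by `pm list packages` and still reports the old versionName, so for the disable-only workaround confirm the `disabled` state in the dumpsys output rather than relying on this classification.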
📡 Detection & Monitoring
Log Indicators:
- Activity-start lines in logcat (ActivityManager/ActivityTaskManager "START u0 {... cmp=com.glitter.caller.screen/.DialerActivity} from uid N") where the calling uid is not iCaller's own uid or the launcher
- Phone call log entries for calls the user did not initiate, especially ones coinciding with such activity starts
- Call intents targeting DialerActivity issued by applications that have no reason to drive a dialer
Network Indicators:
- Unexpected outgoing calls to premium or international numbers
- Call patterns inconsistent with user behavior
SIEM Query:
Not applicable for mobile app vulnerability
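One way to turn the log indicator above into a check is to scan a `logcat` capture for DialerActivity starts and flag those whose calling uid is neither iCaller's own uid (the `userId=` line of `dumpsys package`) nor a uid you trust, such as the launcher. The block below is an added example written for this page, not code from the vendor or the CVE reference; the logcat lines it runs over are constructed, and the uids 10233 (iCaller), 10082 (launcher) and 10456 (an unknown app) are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

ICALLER_PACKAGE = "com.glitter.caller.screen"
DIALER_COMPONENT = f"{ICALLER_PACKAGE}/.DialerActivity"   # component named in the advisory

# Android logs every activity start as
#   START u<user> {<intent fields> cmp=<package>/<activity>} ... from uid <uid>
START_RE = re.compile(
    r"START u(?P<user>\d+) \{(?P<intent>[^}]*)\}.*?from uid (?P<uid>\d+)")


@dataclass
class DialerStart:
    line_no: int
    caller_uid: int
    action: str
    data: str
    raw: str


def parse_app_uid(dumpsys_output: str) -> Optional[int]:
    """iCaller's own uid from `dumpsys package`; starts from this uid are in-app navigation."""
    m = re.search(r"userId=(\d+)", dumpsys_output)
    return int(m.group(1)) if m else None


def parse_dialer_starts(lines: Iterable[str]) -> List[DialerStart]:
    """Every activity start whose target component is iCaller's DialerActivity."""
    found = []
    for n, line in enumerate(lines, 1):
        m = START_RE.search(line)
        if not m:
            continue
        # intent fields look like act=... dat=... flg=... cmp=...
        fields = dict(re.findall(r"(\w+)=(\S+)", m.group("intent")))
        if fields.get("cmp") != DIALER_COMPONENT:
            continue
        found.append(DialerStart(n, int(m.group("uid")), fields.get("act", ""),
                                 fields.get("dat", ""), line.rstrip()))
    return found


def find_suspicious(lines: Iterable[str], icaller_uid: int,
                    trusted_uids: Set[int] = frozenset()) -> List[DialerStart]:
    """DialerActivity starts driven by some other app: calling uid is neither
    iCaller itself nor a uid you have chosen to trust (e.g. the launcher)."""
    trusted = set(trusted_uids) | {icaller_uid}
    return [s for s in parse_dialer_starts(lines) if s.caller_uid not in trusted]


# Constructed logcat excerpt (threadtime format). Line 3 is an outside app driving the dialer.
SAMPLE_LOGCAT = """\
01-15 10:21:02.110  1432  2981 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.glitter.caller.screen/.MainActivity} from uid 10082
01-15 10:21:05.400  1432  2981 I ActivityTaskManager: START u0 {cmp=com.glitter.caller.screen/.DialerActivity} from uid 10233
01-15 10:22:33.123  1432  2981 I ActivityTaskManager: START u0 {act=android.intent.action.CALL dat=tel:xxxxxxxxxxx flg=0x10000000 cmp=com.glitter.caller.screen/.DialerActivity} from uid 10456
01-15 10:22:33.900  1432  2981 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] cmp=com.android.settings/.Settings} from uid 10082
"""
SAMPLE_DUMPSYS = "  Package [com.glitter.caller.screen] (3a1f9c2):\n    userId=10233\n"

if __name__ == "__main__":
    uid = parse_app_uid(SAMPLE_DUMPSYS)
    for hit in find_suspicious(SAMPLE_LOGCAT.splitlines(), uid, {10082}):
        print(f"line {hit.line_no}: DialerActivity started by uid {hit.caller_uid} "
              f"action={hit.action or '-'} data={hit.data or '-'}")
```

Cross-app starts are not proof of abuse on their own (a browser handing a tel: link to a dialer is legitimate), so treat each hit as a candidate and correlate it with the call log: a DialerActivity start from an unknown uid followed within seconds by an outgoing call the user did not make is the pattern this CVE produces. Resolve the flagged uid to a package with `adb shell pm list packages --uid <uid>`.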