CVE-2014-8610

Android < 5.0.0 - Unauthenticated SMS Transmission via Broadcast Intent

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8610. PoCs published by eddieoz.

AI-analyzed exploit summary: This repository contains an educational proof-of-concept for the Dual_EC_DRBG backdoor (CVE-2014-8610), demonstrating how the NSA allegedly backdoored a NIST standard. It includes a Jupyter notebook and scripts to simulate the attack, showing state recovery from observed output.

Description

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.

Exploits (1)

nomisec WORKING POC
by eddieoz · poc
https://github.com/eddieoz/dual-ec-drbg

Classification: Working PoC 100%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Systems using Dual_EC_DRBG (deprecated since 2014)
No auth needed
Prerequisites: Python 3.8+ · pip · ecdsa>=0.18.0 · jupyter>=1.0.0 · ipython>=7.0.0
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0034
EPSS Percentile 26.1%

Details

CWE: CWE-264
Status: published
Products (43)
google/android 1.0
google/android 1.1
google/android 1.5
google/android 1.6
google/android 2.0
google/android 2.0.1
google/android 2.1
google/android 2.2 (2 CPE variants)
google/android 2.2.1
google/android 2.2.2
... and 33 more
Published Dec 15, 2014
Tracked Since Feb 18, 2026