1. CUP Overview
Companion UI Platform (CUP) is a open library which allows you to display information from a host device, for example a smartphone, on companion devices and devices that use CUP. CUP contains many control widgets named winsets, which is useful to create graphic layouts to display information.
The host device control the companion device’s display by sending request to companion
devices using Bluetooth. CUP Browser is facilitate to display the CUP winset on wearable
devices in many types, and receive interaction events back from the wearable devices.
The CUP architecture is simply contained:
- Applications: The applications are built on CUP as main platform.
- CUP API: Components for creating and showing various layouts on the companion device, including the callback interface.
- CUP Service: Service used to connect between the host and companion device
2. Session Hijacking:
The classes in Scup library use to connect to watch apps are private. So the idea is that we will implement a new public class to create a new illegal connection to other watch apps. Scup uses Scup Communicator class to initiate connection to watch and connection services are only using the package as constructor parameter. We can compromise application by change the target connection.
The weakness point is that GearFil watch does not have any authenticated method when application create service connection to connect with watch application. The parameters are only package name and Samsung service name. After host application connect successful to watch app, we create one more new connection to the other application and send the command. Watch app receive the command and perform because it believes that command come from legal application.
Unfortunately, all of connection function in Scup library is private function. We need to
implement a new function by integrating from these functions and build a new library.