Exploiting the Bells and Whistles: Uncovering OEM Vulnerabilities in Android

No ratings

Presented at CarolinaCon 2014 by

Jake Valletta

I know what you're probably thinking: "another Android talk on how to use Baksmali and Apktool to remove ads from Angry Birds." Well not this time. Instead of walking through the process of exploiting a single application, this talk will focus on attacking the features introduced by device manufacturers and carriers. I'll present new tools and techniques to determine exactly what the hardware manufacturers and carriers added, deleted, and changed in the free version of Android. Some things we’ll inspect include new framework functionality, applications, system binaries, and libraries. From here, we’ll search for weaknesses and demonstrate how malicious users could abuse these vulnerabilities. A basic understanding of Android and its security model is encouraged, but not required.