Loading…
Back To Schedule
Tuesday, October 13 • 16:40 - 17:25
Certifi-gate - Front Door Access to Pwning hundreds of Millions of Androids Devices - the aftermath

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Hundreds of millions of Android devices, including those running Lollipop, the latest and most secure version of Android OS, can be hijacked. A comprehensive study has revealed the existence of multiple instances of a fundamental flaw within the Android customisation chain that leave millions of devices (and users) vulnerable to attack.

These vulnerabilities allow an attacker to take advantage of unsecure apps certified by OEMs and carriers to gain unfettered access to any device, including screen scraping, key logging, private information exfiltration, back door app installation, and more. In this session, Lacoon researchers will walk through the technical root cause of these responsibly-disclosed vulnerabilities including hash collisions, IPC abuse and certificate forging which allow an attacker to grant their malware complete control of a victims device. We'll explain why these vulnerabilities are a serious problem that in some ways can't be completely eliminated, show how attackers exploit them, demonstrate an exploit against a live device, and provide remediation advice.


Speakers

Tuesday October 13, 2015 16:40 - 17:25 IDT
Room 10 - CS and Communications Building
  Track 2

Attendees (1)