Android FakeID Vulnerability Walkthrough

Channel:

All Hacking Cons

Subscribers:

5,970

Published on January 2, 2022 2:34:25 PM ● Video Link: https://www.youtube.com/watch?v=xcbRWzgzZso

Category:

Walkthrough

Duration: 29:49

7 views

The team that discovered the Android MasterKey vulnerability in 2013 is here to present another new Android vulnerability with widespread impact: a flaw in Android application handling, allowing malicious applications to escape the normal application sandbox and get special security privileges without any user notification. This can lead to a malicious application having the ability to steal user data, recover passwords and secrets, or in certain cases, compromise the whole Android device. The vulnerability is embedded in all shipped Android devices since January 2010 (Android Eclair 2.1).

This presentation aims to: walk through the technical root cause of this responsibly disclosed vulnerability (Google bug 13678484), explain why it's a problem, show how an attacker would create an exploit for it, and finally demonstrate the exploit against a live device. The presentation will also coincide with the release of a free security scanning tool to help end-users scan for risk of this vulnerability on their end devices.

PRESENTED BY
Jeff Forristal

Black Hat - USA - 2014 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security

Other Videos By All Hacking Cons

2022-01-02	Bitcoin Transaction Malleability Theory in Practice
2022-01-02	A Journey to Protect Points of Sale
2022-01-02	Extreme Privilege Escalation on Windows 8 UEFI Systems
2022-01-02	Babar ians at the Gate Data Protection at Massive Scale
2022-01-02	Exposing Bootkits with BIOS Emulation
2022-01-02	Attacking Mobile Broadband Modems Like a Criminal Would
2022-01-02	Creating a Spider Goat Security with Intel CPU Transactional Memory Support
2022-01-02	APT Attribution and DNS Profiling
2022-01-02	Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
2022-01-02	Contemporary Automatic Program Analysis
2022-01-02	Android FakeID Vulnerability Walkthrough
2022-01-02	Full System Emulation Achieving Successful Automated Dynamic Analysis of Evasive Malware
2022-01-02	Breaking the Security of Physical Devices by Silvio Cesare
2022-01-02	A Practical Attack Against VDI Solutions
2022-01-02	Bringing Software Defined Radio to the Penetration Testing Community
2022-01-02	Building Safe Systems at Scale Lessons from Six Months at Yahoo
2022-01-02	A Scalable, Ensemble Approach for Building and Visualizing Deep Code Sharing Networks
2022-01-02	GRR Find All the Badness, Collect All the Things
2022-01-02	A Survey of Remote Automotive Attack Surfaces
2022-01-02	Call To Arms A Tale of the Weaknesses of Current Client Side XSS Filtering
2022-01-02	Hacking the Wireless World with Software Defined Radio 2 0

Tags:

data

hacker

security

computer

cyber

internet

technology

hacking

attack

digital

information

hack

password

code

concept

thief

protection

network

malware

secure

phishing

software

access

safety

theft

system

firewall

communication

business

privacy

binary

account

spy

programmer

program

spyware

hacked

hacking conference

conference

learn

how to

2022

cybersecurity

owned

break in

google

securing

exploit

exploitation

recon

social engineering

Jeff Forristal

android hacking

hack android

FakeID

Channel	Latest
Icehiteru	8 hours ago
Skyprince777	8 hours ago
Funky Black Cat	9 hours ago
AnimeToons	10 hours ago
GLITCH	13 hours ago
IntroGameOver	14 hours ago
Beyond the Brick	15 hours ago
alanzoka	15 hours ago
CarbotAnimations	16 hours ago
UpUpDownDown	16 hours ago
BanryuTV	18 hours ago
Sey Senpai	18 hours ago
Thinknoodles	19 hours ago
BeastBoyShub	19 hours ago
RC Kowters	19 hours ago
Andre Nicholas	19 hours ago
XOTICTRE	20 hours ago
Anikilo - Squad Busters	20 hours ago
BUMNOX	20 hours ago
Tin2x Mix Vlog	20 hours ago
xHedi92x	20 hours ago
ALL SERIES	20 hours ago
Wolf Rider Gamerz	20 hours ago
Fragilistic	20 hours ago
Onua966	20 hours ago