Certifi gate Front Door Access To Pwning Millions Of Androids

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=4IasLhaYjv8


Duration: 34:09
1 views
0

Hundreds of millions of Android devices, including those running Lollipop, the latest and most secure version of Android OS, can be hijacked. A comprehensive study has revealed the existence of multiple instances of a fundamental flaw within the Android customisation chain that leave millions of devices (and users) vulnerable to attack.

These vulnerabilities allow an attacker to take advantage of unsecure apps certified by OEMs and carriers to gain unfettered access to any device, including screen scraping, key logging, private information exfiltration, back door app installation, and more. In this session, Lacoon researchers will walk through the technical root cause of these responsibly-disclosed vulnerabilities including hash collisions, IPC abuse and certificate forging which allow an attacker to grant their malware complete control of a victims device. We'll explain why these vulnerabilities are a serious problem that in some ways can't be completely eliminated, show how attackers exploit them, demonstrate an exploit against a live device, and provide remediation advice.


PRESENTED BY
Ohad Bobrov, Avi Bashan

Black Hat - USA - 2015 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-04Most Ransomware Isn t As Complex As You Might Think
2022-01-03Switches Get Stitches
2022-01-03Repurposing OnionDuke A Single Case Study Around Reusing Nation State Malware
2022-01-03Assessing And Exploiting BigNum Vulnerabilities
2022-01-03Bypass Control Flow Guard Comprehensively
2022-01-03Dom Flow Untangling The DOM For More Easy Juicy Bugs
2022-01-03How Vulnerable Are We To Scams
2022-01-03Bypass Surgery Abusing Content Delivery Networks With Ser Side Request Forgery
2022-01-03Information Access And Information Sharing Where We Are And Where We Are Going
2022-01-03Attacking ECMAScript Engines With Redefinition
2022-01-03Certifi gate Front Door Access To Pwning Millions Of Androids
2022-01-03Emanate Like A Boss Generalized Covert Data Exfiltration With Funtenna
2022-01-03Attacking Hypervisors Using Firmware And Hardware
2022-01-03Cloning 3G4G SIM Cards With A PC And An Oscilloscope Lessons Learned
2022-01-03Internet Facing PLCs A New Back Orifice
2022-01-03Exploiting Out of Order Execution For Covert Cross VM Communication
2022-01-03Commercial Mobile Spyware Detecting The Undetectable
2022-01-03Internet Plumbing Gor Security Professionals The State Of BGP Security
2022-01-03Automated Human Vulnerability Scanning With AVA
2022-01-03Exploiting The DRAM Rowhammer Bug To Gain Kernel Privileges
2022-01-03CrackLord Maximizing Password Cracking Boxes


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
virus
information
hack
online
password
code
web
concept
thief
protection
network
malware
secure
identity
software
access
safety
theft
system
firewall
communication
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
android
hacking android
Ohad Bobrov
Avi Bashan