A Universal Way to Exploit Android PendingIntents in High-profile and System Apps

A Universal Way to Exploit Android PendingIntents in High-profile and System Apps

Black Hat via YouTube Direct link

Security Guidelines

21 of 22

21 of 22

Security Guidelines

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

A Universal Way to Exploit Android PendingIntents in High-profile and System Apps

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Agenda
  3. 3 Who we are
  4. 4 The Pendingintent API
  5. 5 Previous Research
  6. 6 Retrieving Pendingintents
  7. 7 Hijacking Insecure Pendingintents
  8. 8 Deep Dive Into PendingIntent
  9. 9 Hijacking Pendingintents with Implicit Base Intent
  10. 10 Case Studies
  11. 11 POC of CVE-2020-0188
  12. 12 CVE-2020-0389: Notification
  13. 13 A-166126300: MediaBrowser Service
  14. 14 Some High Profile Apps: AppWidgets
  15. 15 CVE-2020-0294: System Service
  16. 16 Restrictions on URI Grant from uid 1000
  17. 17 Hunting Insecure Pendingintents Automatically
  18. 18 Search APIs without IMMUTABLE
  19. 19 Search Empty or Implicit base Intents
  20. 20 Security Changes in Android 12
  21. 21 Security Guidelines
  22. 22 Final Advice

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.