Explore a comprehensive Android exploitation case study focusing on the Stagefright vulnerability in this 49-minute conference talk from Derbycon 2016. Delve into the root cause, consequences, and Android security implications of Stagefright. Learn about collaboration efforts, mitigation strategies, and various exploit techniques including Metaphor and Metadata. Examine the limitations of existing methods and discover new approaches such as Height Tag, Code Pointer, and Virtual Methods. Gain insights into Android device diversity, witness a live demo of the exploit, and understand the intricacies of exploit development and release processes.
Overview
Syllabus
Intro
Motivations
Collaboration
What is Stagefright
The Root Cause
The Consequence
Android Security
Jmalik
Mitigation Summary
Exploits
Metaphor
Metadata
Limitations
New Technique
Height Tag
Code Pointer
Virtual Methods
SLR
Result
Key Exploit Details
Android Device Diversity
Live Demo
Escape
Stagefright
Mirroring
Samsung
Metadata Processing
Minor Adjustments
Conclusion
Exploit Dev
Release
