Android FakeID Vulnerability Walkthrough

Black Hat via YouTube

Overview

Explore the Android FakeID vulnerability in this 30-minute Black Hat conference talk. Delve into the technical root cause of a flaw in Android application handling that allows malicious apps to bypass the normal sandbox and gain special security privileges without user notification. Learn how this vulnerability, present in Android devices since January 2010, can lead to data theft, password recovery, and potential device compromise. Discover the intricacies of PKI basics, self-signed certificates, and certificate chains. Follow along as the presenter demonstrates live exploit examples, including the installation and execution of a malicious app. Gain insights into security hygiene practices and learn about a free security scanning tool to assess your device's vulnerability risk.

Syllabus

Introduction
PKI Basics
Self-Signed Certificates
Root Certificate Authority
Certificate Chain
OSP Code
Cryptographic Relationship
Self-signed cert
What can you do
What we did
What we found
How to build an exploit
Onlive example
Live example
Evil app
Evil app installation
Evil app execution
Backchannel payload
App installation
Drozer
Example
What to do
Free BlueBox Security Scanner
Security Hygiene
Outro

Taught by

Black Hat
