Authenticator Leakage Through Backup Channels on Android

Black Hat via YouTube

Overview

Explore the critical security vulnerabilities in Android authentication protocols through this Black Hat conference talk. Delve into the risks associated with authenticator management in Android apps, focusing on potential leakage through backup channels. Examine how most apps store credentials in persistent storage, relying on Android OS for protection, and learn why this approach can be problematic. Discover how backup apps on Google Play may inadvertently expose sensitive data to malicious apps with basic permissions. Follow the speaker's systematic investigation of this overlooked attack vector, including the development of a proof-of-concept app called AuthSniffer. Understand the widespread nature of this threat, affecting 68.4% of top-ranked apps with authentication schemes. Gain insights into various authentication types, backup mechanisms, and potential mitigation strategies for developers. This comprehensive analysis aims to raise awareness about the importance of secure authenticator management in Android app development and protocol design.

Syllabus

Introduction
Applications
Native vs Web
Agenda
Web Authentication
Summary
Types of Authenticator
Basic Authentication
Single SIA
Android Account Manager
Demo
Protocol Security
Infrastructure Security
Internal Storage
Adulation Mechanism
Backup Function
ADB Based Backup
ADB Based Backup Implementation
Backup Data
Authentication Protocol
Helium
Reverse Engineering
Helium Interface
Broadcast Password
Exception
Cover
Evaluation
Web-Based Backup
Evolution Evaluation
Case Study
Mitigation
Developers
Conclusion

Taught by

Black Hat
