Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Physical Attacks Against Smartphones: Android Security Vulnerabilities and Exploits

DEFCONConference via YouTube

Overview

Learn about critical vulnerabilities in modern Android smartphones through a DEF CON 31 conference talk that explores physical attack vectors and security weaknesses. Dive into detailed case studies examining privilege escalation techniques through Recovery mode exploitation and Secondary Bootloader vulnerabilities. Explore how to achieve root access on locked bootloader devices using only a Micro SD card, and discover USB stack vulnerabilities that enable code execution and modified Android image booting. Master advanced concepts including SELinux protection bypasses, command injection exploitation, init process manipulation, USB control transfer fuzzing, and bootloader debugging. Gain hands-on knowledge of Android security architecture, bootloader operations, and real-world attack methodologies through practical demonstrations and technical deep-dives into vendor-specific Android implementations.

Syllabus

Introduction
Case Study 1 - Rooting On A Locked Bootloader
Target Device
Disabled Bootloader Unlock
Finding An Exploit
SELinux Protection
Alternative Attack Vectors
Custom Recovery Mode
Finding An Update Image
Recovery Mode Menu
Root Cause Analysis
Exploiting Command Injection
Getting A Shell
Switching To Android
Overriding Init
Init Process
Shared Mounts
Patching out SELinux Checks
Fixing Kernel Panics
Reinitialising Services
Replacing Read-Only Files
Hidden RAMDisk
Case Study 2 - Exploiting An Exynos Secondary Bootloader
Fuzzing USB Control Transfers
Initial Fuzzing Attempts
Causing A Crash
Exploiting Descriptor Overwrite
Brute Forcing Memory
Dumping Memory
DEP Misconfiguration
Basic Code Execution
Reimplementing Boot
Boot Debugging
Kernel Execution
Boot Failure
Bootloader Threads
Disabling Threads
Aarch64 Exceptions
Additional Errors
Android Modification
Final Notes
Disclosure
Conclusion

Taught by

DEFCONConference

Reviews

Start your review of Physical Attacks Against Smartphones: Android Security Vulnerabilities and Exploits

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.