Security Vulnerabilities in Prepaid Android Smartphones - A Comprehensive Analysis

Explore a security-focused conference talk from DEF CON 31 examining vulnerabilities in prepaid and unlocked Android smartphones available in the US market. Dive into detailed findings from testing 21 prepaid carrier devices and 11 unlocked smartphones, revealing critical security flaws that can be exploited with minimal permissions. Learn about discovered vulnerabilities including arbitrary command execution, AT command execution, unauthorized file operations, factory reset capabilities, GPS coordinate leakage, and exposure of device identifiers. Understand how third-party apps with no or basic permissions can exploit pre-loaded software to escalate privileges and bypass security controls. Follow along with detailed explanations of attack vectors, requirements, and workflows that highlight common software flaws across multiple layers of the Android stack. Building on previous research presented at DEF CON 26, gain insights into the current state of security for carrier Android devices and implications for developers and security researchers.