Overview
Explore a critical security vulnerability in Android's intent-based information exchange system in this 32-minute Black Hat conference talk. Dive into the intricacies of how Android applications use intents for file sharing and messaging, focusing on the ACTION_SEND action for stream forwarding. Learn about the potential risks associated with both implicit and explicit intents, and how attackers can exploit exported components. Discover the "Dirty Stream Attack" technique presented by Dimitrios Valsamaras, which turns Android share targets into attack vectors. Gain insights into the security implications of Android's intent resolver and manifest filters. Access the full abstract and presentation materials to deepen your understanding of this Android security threat and its potential impact on mobile application development and user safety.
Syllabus
Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors
Taught by
Black Hat