Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Dirty Stream Attack - Turning Android Share Targets To Attack Vectors

nullcon via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of Android's intent-based information exchange system and learn about the "Dirty Stream Attack" in this 42-minute conference talk. Dive into how malicious applications can exploit vulnerabilities in receiving apps that blindly trust incoming streams without proper validation. Discover the similarities between this attack and file upload vulnerabilities in web applications. Examine real-world examples of susceptible apps with millions of installations on Google Play Store. Gain insights into creating malicious content providers, triggering attack flows, and choosing effective payloads. Understand the risks of misconfigured content providers and potential code execution vulnerabilities. Learn essential security measures to protect share targets and prevent unauthorized access to sensitive user data.

Syllabus

Intro
Intents in a nutshell
Content Providers (Server)
File Providers (server)
Content providers - Security
Handling a stream
Dirty stream attack
Creating a malicious provider
Carrying The payload
Triggering the flow
Choosing the payload
Misconfigured content providers
Code Execution
Dynamic Module delivery in a nutshell
Securing Share Targets

Taught by

nullcon

Reviews

Start your review of Dirty Stream Attack - Turning Android Share Targets To Attack Vectors

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.