Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hey Google, Activate Spyware! - When Google Assistant Uses a Vulnerability as a Feature

Black Hat via YouTube

Overview

Explore a critical security research presentation revealing 0-day vulnerabilities in Android smartphones. Delve into the manipulation of actions and intents that allow unauthorized camera control without specific permissions. Learn about Android terminology, exported activities, permission checks, and the creation of rogue applications. Examine the implications for user privacy, including unauthorized selfies, screen capture, and location metadata extraction. Follow the disclosure timeline, Google's response, and the impact on other Android vendors. Gain insights into the intersection of voice assistant features and potential security risks in this eye-opening 28-minute Black Hat conference talk by Erez Yalon.

Syllabus

Introduction
Android Terminology
Hey Google Take a Selfie
Intents
Permissions
Summary
Analyzing exported activities
Not looking for permission checks
Creating a rogue application
Persistence
Application
Hacking the Phone
The Screen
Back to the List
Location Metadata
Rogue Application
Proximity Sensor Activation
What Hackers Really Want
Disclosure Timeline
Other Android Vendors
Google Response
Conclusion

Taught by

Black Hat

Reviews

Start your review of Hey Google, Activate Spyware! - When Google Assistant Uses a Vulnerability as a Feature

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.