A New Fuzzing Method for Android

Explore a groundbreaking fuzzing method for Android security in this 20-minute conference talk from the Hack In The Box Security Conference. Discover how to uncover vulnerabilities through quantitative and qualitative changes, leveraging function point combinations to comprehensively explore state spaces. Learn about the speakers' success in identifying approximately twenty 0-day vulnerabilities on smartOS and other phones, as well as their first-place win in the Smartisan vulnerability digging competition. Gain insights into the application of this method on OEM devices like Samsung, Huawei, and Smartisan OS, resulting in the discovery of over 50 bugs and vulnerabilities. Understand the core ideas behind this innovative approach, including quantitative changes for single and multiple function points, with practical examples using clipboard fuzzing. Witness a demonstration of the method's effectiveness and draw inspiration for identifying previously undiscovered vulnerabilities in Android systems.