Abusing Over-The-Air Client Provisioning

Explore the security vulnerabilities in over-the-air client provisioning for major smartphone brands in this conference talk from the Hack In The Box Security Conference. Discover how attackers can exploit weaknesses in network settings installation processes to compromise user privacy and take control of network traffic. Learn about the attack flows, including live demonstrations, and understand the root causes stemming from outdated mobile client provisioning specifications. Gain insights into the potential risks users face when accepting seemingly legitimate network settings from unknown sources. Examine the ongoing efforts by affected vendors to address these security issues and discuss potential mitigations. Benefit from the expertise of security researchers Slava Makkaveev and Artyom Skrobov as they delve into the intricacies of mobile platform and firmware security.