Explore the hidden world of Android secret codes and their security implications in this 41-minute conference talk from the Hack In The Box Security Conference. Discover how attackers can exploit factory-installed apps like EngineerMode to access sensitive device information, perform factory resets, and potentially gain root access. Learn about authentication bypass and privilege escalation vulnerabilities found in top mobile vendors' phones, including system reset bypasses and lock-screen PIN leaks. Examine the risks associated with Qualcomm's Kernel FFBM mode and its potential impact on device functionality and OTA updates. Gain insights into a custom-built fuzzing tool for scanning secret codes and understand how these vulnerabilities breach Android's permission system. Witness demonstrations of typical bugs found across various OEM devices, including Samsung, Huawei, Oppo, Vivo, Meizu, Xiaomi, and Smartisan OS, and get inspired to uncover new vulnerabilities in Android devices.