Black Friday 2024: 25+ Ways to Save on Online Learning

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Inside Android's SafetyNet Attestation

Black Hat via YouTube

Start learning Write review

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Grab it
Explore the inner workings of Android's SafetyNet Attestation in this comprehensive Black Hat conference talk. Delve into the primary security platform used by Google to maintain the integrity of the Android ecosystem. Learn about the SafetyNet Attestation service offered to Android application developers, providing insights into Google's assessment of operating system and device tampering. Discover attack patterns, OS modification methods, and the evolution of device integrity detection. Examine the SafetyNet modules, attestation process, and implementation challenges. Investigate the relationship between SafetyNet and Android versions, as well as potential vulnerabilities such as bootloader unlocking and client-side response validation. Gain knowledge about application integrity checks, code modification attacks, and their impact on Android security. This in-depth presentation by Collin Mulliner and John Kozyrakis offers valuable insights for developers, security professionals, and anyone interested in Android security mechanisms.

Syllabus

Intro
Attack patterns
OS modification methods
Device integrity detection the old Days
That's a low bar
Hardcoded checks
Attackers can easily disable detections
Attackers can easily feed checkers with bad data
Raising the bar
SafetyNet details
caveats
Criticism
SafetyNet JAR
SafetyNet modules
Example: device_state
SafetyNet Attestation: Overview
SafetyNet Attestation: Call Chain
SafetyNet Attestation: Request Attestation
SafetyNet Attestation Overview: Request Attestation
SafetyNet Attestation: Forward Data
SafetyNet Attestation: Attest Device & App
SafetyNet Attestation: Deliver Result
Ideal implementation
Attestation result validation
Check crypto!
cts Profile Match & basicIntegrity
SafetyNet and the Nonce
Handle errors!
Attestation: just an API Call away!?
API Failures...
Howto: App/APK Integrity
Implementation & Deployment Summary
SafetyNet vs. Android Versions
Android 4
Boot Loader Unlocked
Client-side response validation?
SuHide and Magisk
SafetyNet's Application Integrity Checks
Running Code on Android
ODEX Code Modification Attack: Overview (Generic)
Attacking ODEX files: all Android Versions
Attacking ODEX files without Root (Android 6)
ODEX file Attack via Dirtycow
Attack Impact
Fun time

Taught by

Black Hat

Reviews

Start your review of Inside Android's SafetyNet Attestation

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.