Explore a critical security presentation on the hidden vulnerabilities within Android's Netlink kernel modules. Dive deep into the Netlink mechanism, a socket family designed for inter-process communication between the kernel and user-space processes. Understand why Netlink has become an overlooked attack surface in the Android ecosystem, despite its widespread use. Learn about the four threat models derived from Classic Netlink and Generic Netlink categories, and their associated vulnerability scenarios. Discover the findings from an investigation of Netlink-related kernel modules from four major vendors, revealing over 30 security vulnerabilities and 12 CVEs. Gain insights into the analysis, verification, and exploitation of these vulnerabilities, which can lead to serious consequences like privilege escalation. Conclude with valuable security recommendations for vendors using Netlink, based on vulnerability statistics and root cause analysis.
LinkDoor - A Hidden Attack Surface in the Android Netlink Kernel Modules
Overview
Syllabus
LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules
Taught by
Black Hat
Related Courses
-
Exploiting UAF by Ret2bpf in Android Kernel
-
Year in Review - Android Kernel Security
-
Unix Domain Socket - A Hidden Door Leading to Privilege Escalation in the Android Ecosystem
-
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
-
Attacking Debug Modules in the Android Ecosystem
-
Your Trash Kernel Bug, My Precious 0-day
