Explore the inner workings of Android's Binder system in this 32-minute Black Hat conference talk. Delve into the critical role of Binder as the sole vehicle for Inter-Process Communication (IPC) in Android, and understand its significance in controlling application interactions. Examine how Binder's unique architecture minimizes the attack surface against the kernel while simultaneously making it a prime target for malware. Learn about the potential security implications of compromising Binder, including the ability to implement keyloggers, set up VNC-like functionality, and modify sensitive data in transit. Gain insights into a proof-of-concept rootkit that demonstrates these vulnerabilities. Get a comprehensive overview of Binder at its lowest level, including details on data transport buffer construction and kernel communication. Discover why this presentation is crucial for the security community, shedding light on an under-researched yet critical component of Android's architecture.
Overview
Syllabus
Man in the Binder: He Who Controls IPC, Controls the Droid
Taught by
Black Hat