Explore Android's latest security enhancements and their effectiveness in this 19-minute conference talk from BSidesLV 2018. Delve into topics such as SELinux implementation, Stagefright, and Project Treble's impact on Android security. Examine the MediaDrmServer's decrypt method and analyze the CVE-2017-13253 bug, including its buffer overflow vulnerability. Gain insights into how Project Treble's refactoring affects security measures and understand why MediaDrmServer serves as a prime example. Conclude with a comprehensive overview of Android's evolving security landscape and its implications for developers and users alike.
Treble or Trouble - Where Android's Latest Security Enhancements Help And Where They Fail
Overview
Syllabus
Intro
Security enhancements
SELinux in Android
Stagefright
Project Treble as a security enhancement
MediaDrmServer's decrypt method
The bug - CVE-2017-13253
Buffer overflow
The effect of Project Treble's refactoring
MediaDrmServer is just an example
Conclusion
Taught by
BSidesLV
