Explore Android device security research techniques using a diverse device cluster in this conference talk presented by Joshua J. Drake at 44CON Information Security Conference. Learn how to address the "fragmentation" challenge in the Android ecosystem by creating a heterogeneous cluster of devices for more effective auditing and exploit development. Discover the speaker's approach to examining similarities and differences between devices, testing research findings, and extracting specific information. Gain insights into the motivation behind this method, the process of assembling a "droid army," and the tools used for analysis. Witness demonstrations of the setup, including comparisons between devices and automation techniques. Understand the implications of Android's diversity on security research and how this innovative approach can enhance vulnerability discovery and analysis in the world's leading smartphone operating system.
Researching Android Device Security with the Help of a Droid Army
44CON Information Security Conference via YouTube
Overview
Syllabus
Intro
Agenda
Who am I
Motivation for this talk
fragmentation
the end effect
demo
existing solutions
vulnerability research
Zeroday discovery
Buying devices
Android TV sticks
More Android devices
More devices
Disaster strikes
The Hub
The Hubs
Futureproofing
Root Hub
Hub Control
Wall warts
Bitcoin forums
Assembled cable
Scale issues
One month later
Back in the house
Tools
App Kudo
Busybox
Stock ROMs
Droid Army Demo
Auditing Tasks
Compare Devices
Final Demo
Other Tasks
Conclusion
Distractions
Further Automation
Taught by
44CON Information Security Conference
