Explore a 17-minute Black Hat conference talk that delves into the "Sidewinder Targeted Attack" against Android devices. Learn how vulnerabilities in apps, the Android system, and aggressive ad libraries can be exploited for powerful targeted attacks. Discover how attackers can intercept location information from ad libraries to identify specific targets, such as CEO offices or conference rooms. Understand the exploitation of popular vulnerabilities in ad libraries, including Javascript-binding-over-HTTP and dynamic-loading-over-HTTP. Gain insights into techniques for invoking Android services from injected native code, enabling actions like taking photos, making calls, sending SMS, and accessing clipboards. Examine newly discovered Android vulnerabilities that allow for privacy breaches and advanced attacks. Watch real-world demonstrations using apps from Google Play, and understand the ongoing threat to millions of users due to slow patching and fragmentation in the Android ecosystem.
Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libs
Overview
Syllabus
Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libs
Taught by
Black Hat
Related Courses
-
Android Commercial Spyware Disease and Medication
-
A Mirage of Safety - Bug Finding & Exploit Techniques of Top Android Vendor's Privacy Protection Apps
-
A Deep Dive into Privacy Dashboard of Top Android Vendors
-
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android
-
Scaling Up Baseband Attacks - More Unexpected Attack Surface
-
Don't Stand So Close To Me - An Analysis of the NFC Attack Surface
