Explore the vulnerabilities in Android's Stagefright multimedia framework in this 56-minute Black Hat conference talk by Joshua Drake. Dive deep into the security challenges of a critically exposed codebase present on 95% of Android devices. Learn about discovery techniques, Android OS internals, and the disclosure process for uncovering implementation issues ranging from remote code execution to denial of service. Gain insights into effective vulnerability discovery in Android, understand the implications of these security flaws, and discover the measures taken to enhance Android's overall security. Witness proof-of-concept demonstrations and explore the future challenges in securing the world's leading smartphone operating system.
Overview
Syllabus
Intro
About Joshua J. Drake akajduck
Motivations
Sponsors
What is Stagefright?
Why Stagefright?
Related Work
Androld Architecture
Process Architecture
Process Privileges (Nexus 5)
Privilege Survey Results II
Architecture Recap
Locating the Attack Surface
What do you find?
Vector Enumeration Methodology
Modularity Complicates Matters
Enter the Media Scanner
Tons of Attack Vectors!
The Scariest Part - MMS
Where does this work?
Triggers Virally
Discovery Methodology
First Round Specifics
First Round Results
Enter American Fuzzy Lop
Second Round Results
Bug Summary
Details for a FAIL
Embarrassing, but Educational
Exploitability Analysis
mediaserver Recap
New in Android 5.0
Mitigation Summary
Address Space Layout Randomization
Disclosure process review
Update Deployment
Taught by
Black Hat
