Overview
Explore a critical vulnerability affecting Samsung Android devices in this 26-minute Black Hat conference talk. Discover how local apps with zero permissions can exploit a flaw in pre-installed software to execute arbitrary Intent objects as the system user. Learn about the impact on Android versions 9 through 12, including the ability to start non-exported activity app components and send broadcasts to receiver components. Understand the security implications of this vulnerability, which allows third-party apps to leverage system-level permissions, privileges, and capabilities. Gain insights from security experts Ryan Johnson, Mohamed Elsabagh, and Angelos Stavrou as they delve into the technical details and potential consequences of this Samsung Android security issue.
Syllabus
Start Arbitrary Activity App Components as the System User Vulnerability Affecting Samsung Android
Taught by
Black Hat