Explore a critical vulnerability affecting Samsung Android devices in this 26-minute Black Hat conference talk. Discover how local apps with zero permissions can exploit a flaw in pre-installed software to execute arbitrary Intent objects as the system user. Learn about the impact on Android versions 9 through 12, including the ability to start non-exported activity app components and send broadcasts to receiver components. Understand the security implications of this vulnerability, which allows third-party apps to leverage system-level permissions, privileges, and capabilities. Gain insights from security experts Ryan Johnson, Mohamed Elsabagh, and Angelos Stavrou as they delve into the technical details and potential consequences of this Samsung Android security issue.
Start Arbitrary Activity App Components as the System User Vulnerability Affecting Samsung Android
Overview
Syllabus
Start Arbitrary Activity App Components as the System User Vulnerability Affecting Samsung Android
Taught by
Black Hat
Related Courses
-
Unprotected Broadcasts in Android 9 and 10
-
Resurrecting the Read Logs Permission on Samsung Devices
-
Android FakeID Vulnerability Walkthrough
-
Dirty Stream Attack - Turning Android Share Targets Into Attack Vectors
-
Binder - The Bridge To Root - Hongli Han and Mingjian Zhou
-
Samsung Developer Program and Free Tools for Android Developers
