Overview
Explore a comprehensive analysis of Intent Message vulnerabilities in Android applications in this 17-minute Black Hat conference talk. Delve into the identification of common programming malpractices that introduce security flaws, and learn about the development of an effective static analyzer for automatic vulnerability detection. Discover how the research team demonstrates the real-world exploitability of these vulnerabilities through automatic payload generation. Gain insights into the formal approach used to reproduce dangerous behaviors in vulnerable apps, and understand the implications of insufficient sanity checks when receiving messages from unknown sources. Cover topics including Android components, attack models, UI targets, databases, remote target attacks, formal analysis, static analysis, and validation results.
Syllabus
Introduction
Outline
Android Components
Previous Research
Analysis
Services
Intent Message
Attack Model
UI Target
Databases
Remote Target Attacks
Formal Analysis
Static Analysis
Validation
Results
Application Analysis
Taught by
Black Hat