Tweet
Nikita Kurtin - Defaults - the faults. Bypassing android permissions from all protection levels.
Nikita Kurtin, Hacker
Presentation Title: Defaults - the faults. Bypassing android permissions from all protection levels.
Presentation description: Bypassing Permission mechanism using Default services in Android.
Length of presentation: (45 minutes)
Demo, Exploit
Exploring in depth the android permission mechanism, through different protection levels.
Step by step exploitations techniques that affect more than 98% of all Android devices including the last official release (Android 12).
In this talk I reveal a few different techniques that I uncovered in my research, which can allow hackers to bypass permissions from all protection levels in any Android device, which is more than 3 billion active devices according to the google official stats.
These vulnerabilities enable the hacker to bypass the security measures of android, by abusing default (built in) services and get access to abilities and resources which are protected by permission mechanism.
Some vulnerabilities are partially fixed, others won't be fixed as google considers as intended behavior.
In this talk I'll survey the different vulnerabilities, and deep dive into a few of different exploitations.
Finally, I'll demonstrate how those techniques can be combined together to create real life implications and to use for: Ransomware, Clickjacking, Uninstalling other apps and more, completely undetected by security measures.
SPEAKER BIO(S)
By day - senior research developer
By night - street workout athlete
Sometimes vice versa ;-)
Favorite quote: "Between dream and reality, there is only you."
You can see CVE on my name here:
https://source.android.com/security/...knowledgements
https://stackoverflow.com/users/3219...in?tab=profile
REFERENCES:
https://developer.android.com/about/dashboards
https://developer.android.com/guide/topics/permissions
https://blog.dscout.com/mobile-touches
And honestly a lot of trials and errors.
Nikita Kurtin, Hacker
Presentation Title: Defaults - the faults. Bypassing android permissions from all protection levels.
Presentation description: Bypassing Permission mechanism using Default services in Android.
Length of presentation: (45 minutes)
Demo, Exploit
Exploring in depth the android permission mechanism, through different protection levels.
Step by step exploitations techniques that affect more than 98% of all Android devices including the last official release (Android 12).
In this talk I reveal a few different techniques that I uncovered in my research, which can allow hackers to bypass permissions from all protection levels in any Android device, which is more than 3 billion active devices according to the google official stats.
These vulnerabilities enable the hacker to bypass the security measures of android, by abusing default (built in) services and get access to abilities and resources which are protected by permission mechanism.
Some vulnerabilities are partially fixed, others won't be fixed as google considers as intended behavior.
In this talk I'll survey the different vulnerabilities, and deep dive into a few of different exploitations.
Finally, I'll demonstrate how those techniques can be combined together to create real life implications and to use for: Ransomware, Clickjacking, Uninstalling other apps and more, completely undetected by security measures.
SPEAKER BIO(S)
By day - senior research developer
By night - street workout athlete
Sometimes vice versa ;-)
Favorite quote: "Between dream and reality, there is only you."
You can see CVE on my name here:
https://source.android.com/security/...knowledgements
https://stackoverflow.com/users/3219...in?tab=profile
REFERENCES:
https://developer.android.com/about/dashboards
https://developer.android.com/guide/topics/permissions
https://blog.dscout.com/mobile-touches
And honestly a lot of trials and errors.