A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Android 4.0: Ice Cream “Sudo Make Me a” Sandwich - Max Sobell Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

Android 4.0: Ice Cream “Sudo Make Me a” Sandwich - Max Sobell
Derbycon 2013

Description: “With the advent of Android 4.0+, we have seen the rooting landscape shift dramatically. This presentation gives a brief, but highly technical overview of the most ingenious new types of attacks on 4.0+. We will give an overview of Android’s device protection mechanisms in 4.0+ and how they can be circumvented or unintentionally undermined by device manufacturers. Each device manufacturer and carrier can add or modify code from the Android Open Source Project (AOSP). This can include access to device memory, exploitable processes which run as the root user, initialization scripts which perform privileged actions without proper validation, or APKs which leak access to otherwise-protected information sources. This talk will examine what carriers and device manufacturers are doing to prevent (or assist) customers root their devices. We will also detail /boot and /recovery differences between OEMs, how signature checks are performed, and demonstrate some of our tools to examine new devices and find potential security flaws. This talk is not about exploiting the AOSP, but rather identifying mistakes and misconfigurations due to customized builds and additional features.”

Bio: Max is a senior consultant and research director at Intrepidus Group based out of NYC. He specializes in mobile device penetration testing and has spent time researching NFC (for access control and on mobile devices), Bluetooth, mobile wallets, and secure elements. Before working in security, he designed high speed trading algorithms and worked in commodities. Max is a licensed HAM operator and contributes chapters to several best selling Linux books. He has presented at ShmooCon, CanSecWest, EuSecWest, SecTor, SOURCE: Boston, and various local conferences.

Back to Derbycon 2013 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast