Categories

Blackhat presentation slides: Android master key

Posted on Monday, August 19th, 2013 in Android, hacks, security by the machinegeek

DroidMasterKey
Bluebox CTO, Jeff Forristal’s presentation slide package entitled “Android: One Root to Own Them All” about his research that uncovered the Android Master Key is now available.

This presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013. The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature; that in turn is a simple step away from system access & control. The vulnerability affects a wide number of Android devices, across generations & architectures, with little to no modifications of the exploit. The presentation will review how the vulnerability was located, how an exploit was created, and why the exploit works, giving you insight into the vulnerability problem and the exploitation process. Working PoCs for major Android device vendors will be made available to coincide with the presentation.

You can download the 103-page PDF of the presentation slides from Bluebox.

This entry was posted on Monday, August 19th, 2013 at 12:01 am and is filed under Android, hacks, security. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

One Response to “Blackhat presentation slides: Android master key”

  1. It’s so interesting to see how the system can be turned against itself. A good hacker just needs one little opening to slip through in and once they are under the “skin” of the security it’s very easy to avoid the things that raise red flags.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • coppice: If all you have found so far is fake iphones, the next place you should visit is SEG in Hua Qiang Bei. Get out of...
  • Edward Cooper: Great article and good find on the markets! Any chance you can provide the locations of these places? I'm in Shenzhen at the moment and...
  • Dan: I'm up for one
  • TrickyNekro: Always in for another bunch! :-D
  • mol-1: Maybe this time !