Blackhat presentation slides: Android master key

The slide deck for “Android: One Root to Own Them All,” the presentation by Bluebox CTO Jeff Forristal about his research that uncovered the Android Master Key, is now available.

This presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013. The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature; that in turn is a simple step away from system access & control. The vulnerability affects a wide number of Android devices, across generations & architectures, with little to no modifications of the exploit. The presentation will review how the vulnerability was located, how an exploit was created, and why the exploit works, giving you insight into the vulnerability problem and the exploitation process. Working PoCs for major Android device vendors will be made available to coincide with the presentation.

You can download the 103-page PDF of the presentation slides from Bluebox.

1 Comment

  1. It’s so interesting to see how the system can be turned against itself. A good hacker just needs one little opening to slip through, and once they are under the “skin” of the security it’s very easy to avoid the things that raise red flags.
