Categories

Blackhat presentation slides: Android master key

Posted on Monday, August 19th, 2013 in Android, hacks, security by the machinegeek

DroidMasterKey
Bluebox CTO, Jeff Forristal’s presentation slide package entitled “Android: One Root to Own Them All” about his research that uncovered the Android Master Key is now available.

This presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013. The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature; that in turn is a simple step away from system access & control. The vulnerability affects a wide number of Android devices, across generations & architectures, with little to no modifications of the exploit. The presentation will review how the vulnerability was located, how an exploit was created, and why the exploit works, giving you insight into the vulnerability problem and the exploitation process. Working PoCs for major Android device vendors will be made available to coincide with the presentation.

You can download the 103-page PDF of the presentation slides from Bluebox.

This entry was posted on Monday, August 19th, 2013 at 12:01 am and is filed under Android, hacks, security. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

One Response to “Blackhat presentation slides: Android master key”

  1. It’s so interesting to see how the system can be turned against itself. A good hacker just needs one little opening to slip through in and once they are under the “skin” of the security it’s very easy to avoid the things that raise red flags.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • Craig B: Shouldn't the default be 00xxx010? Note that bit 0 appears out of order in the documentation. In that case I think the initial value is...
  • JJM: From the datasheet extract you are showing, the power up status should be 00xxx010, not 000xxx01. Bit numbering is misleading since 'measurement resolution' is apparently...
  • Jan Ciger (@janoc200): Hmm, that could actually explain why the three sensor IMU breakout I have bought a few years ago had all sorts of issues - I...
  • Travis: Is it preset to the windows 3 fingered salute?
  • Glenn: What a cool idea !