Blackhat presentation slides: Android master key

Posted on Monday, August 19th, 2013 in Android, hacks, security by the machinegeek

Bluebox CTO, Jeff Forristal’s presentation slide package entitled “Android: One Root to Own Them All” about his research that uncovered the Android Master Key is now available.

This presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013. The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature; that in turn is a simple step away from system access & control. The vulnerability affects a wide number of Android devices, across generations & architectures, with little to no modifications of the exploit. The presentation will review how the vulnerability was located, how an exploit was created, and why the exploit works, giving you insight into the vulnerability problem and the exploitation process. Working PoCs for major Android device vendors will be made available to coincide with the presentation.

You can download the 103-page PDF of the presentation slides from Bluebox.

This entry was posted on Monday, August 19th, 2013 at 12:01 am and is filed under Android, hacks, security. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

One Response to “Blackhat presentation slides: Android master key”

  1. It’s so interesting to see how the system can be turned against itself. A good hacker just needs one little opening to slip through in and once they are under the “skin” of the security it’s very easy to avoid the things that raise red flags.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • KH: That's a good one, ha ha. Let's see whether ST Microelectronics takes action. I can understand how this can be done legally, ARM is not...
  • Ja: Where these GD chips can be found? Everywhere I look I have found only STM chips.
  • Max: Well, there's your problem. Or rather, the problem with Arduino in general: a) not using interrupts for anything that can't wait, and b) using delay()...
  • KH: yield() instead of proper interrupt-driven code? Ewwwwwww... somebody please teach these Arduino folks proper AVR microcontroller programming!
  • Henry: Hope I win one thanks