Hey Google, Activate Spyware! – When Google Assistant Uses a Vulnerability as a Feature

Presented at Black Hat Asia 2020 Virtual, Oct. 2, 2020, 1:30 p.m. (30 minutes)

This talk is based on research that was recently conducted and resulted in serious security findings and 0-day vulnerabilities in Android-based smartphones. Our team found a way of manipulating specific actions and intents, making it possible for any application, without specific permissions, to control the camera app. Through the use of a rogue app, given no permissions, an attacker could establish and maintain a persistent backdoor connection to the victim's smartphone and remotely command it to take photos and videos without the victim knowing it, even if the phone is locked or the screen is turned off. Once the photos and videos are taken, an attacker can remotely retrieve the files from the smartphone's SD card. In addition, an attacker can track the victim's geolocation in real time using GPS metadata from the photos and videos. Not only can the smartphone be remotely commanded to take photos and videos with both front and back cameras, but the same rogue app can also be used to record audio and video while a victim is on a voice call.

The findings were submitted to the Android ecosystem. Google and Samsung confirmed they were affected; the issues were triaged as High Severity and have been addressed by Google and Samsung engineers.

Attendees will learn about some very interesting vulnerabilities in the Android OS. The story starts with the discovery of the security issues, then moves on to how they were exploited and what they mean to users of Android-based smartphones. In this talk, I will provide a glimpse into the attackers' mindset, including the steps taken to chain different vulnerabilities together and leverage them into a full-blown weaponized rogue app.

This talk will also include a live demonstration of the rogue app and how it was used to exploit the vulnerabilities in the Android OS.


Presenters:

  • Erez Yalon - Director of Security Research, Checkmarx
    Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher, he brings invaluable knowledge and skills to the table. Erez is also a co-founder of the AppSec Village in DEF CON and leads the OWASP API Security Project.
