Certifi-gate: Front-Door Access to Pwning Millions of Androids

Presented at Black Hat USA 2015, Aug. 6, 2015, 9:45 a.m. (50 minutes)

Hundreds of millions of Android devices, including those running Lollipop, the latest and most secure version of Android OS, can be hijacked. A comprehensive study has revealed the existence of multiple instances of a fundamental flaw within the Android customisation chain that leave millions of devices (and users) vulnerable to attack.

These vulnerabilities allow an attacker to take advantage of insecure apps certified by OEMs and carriers to gain unfettered access to any device, including screen scraping, key logging, private information exfiltration, back-door app installation, and more. In this session, Lacoon researchers will walk through the technical root cause of these responsibly disclosed vulnerabilities, including hash collisions, IPC abuse and certificate forging, which allow an attacker to grant their malware complete control of a victim's device. We'll explain why these vulnerabilities are a serious problem that in some ways can't be completely eliminated, show how attackers exploit them, demonstrate an exploit against a live device, and provide remediation advice.
Presenters:

  • Avi Bashan - Check Point
    Avi Bashan is a Technology Leader at Check Point, and former Senior Security Researcher and CISO at Lacoon Mobile Security. With more than 10 years of experience in the mobile, networking, and security industries, Avi is one of the main figures in the research and engineering side of the company. Prior to Lacoon, Avi was a leading security consultant at Comsec, working with Fortune 500 firms on their vulnerability management processes. He spent four and a half years in the Israeli Defense Force. Avi holds a B.Med.Sc in Medical Studies from the Hebrew University of Israel.
  • Ohad Bobrov - Check Point
    Ohad Bobrov is the Mobile Threat Prevention Area Manager at Check Point, and former CTO and co-founder of Lacoon Mobile Security. Ohad has nearly 15 years of experience in mobile and networks. Prior to Lacoon, he founded the mobile mass network solution department at NICE systems and led it for five years. Ohad holds a BSc in Computer Science and an MBA from Tel-Aviv University. He has been granted a number of awards for both his academic work and his professional achievements.