File Format Fuzzing in Android - Giving a Stagefright to the Android Installer

Presented at DeepSec 2015 „DeepSec No. 9“, Nov. 19, 2015, noon (50 minutes).

The presentation focuses on revealing a fuzzing approach that can be used to uncover different types of vulnerabilities inside multiple core system components of the Android OS. The session will be targeted on exposing the general idea behind this approach and how it applies to several real-life targets from the Android OS, with examples of actual discovered vulnerabilities. These vulnerabilities affect critical components of the Android OS and the audience will have the opportunity to learn about the way they were discovered and possible exploit scenarios. The most important targets that will be included in the talk: the Android APK installer and the Stagefright media framework.

Presenters:

• Alexandru Blanda - Intel Corporation
  Alexandru Blanda is a software security engineer as part of the Open Source Technology Center at Intel Corporation. He is currently involved in working on projects related to the overall security of the Android OS, mainly focusing on methods to improve the efficiency of fuzzing techniques inside this environment and discovering ways to uncover vulnerabilities inside different components of the operating system.

Links:

• https://deepsec.net/archive/2015.deepsec.net/speaker.html#PSLOT199
• https://infocon.org/cons/DeepSec/DeepSec 2015/File Format Fuzzing in Android Giving a Stagefright to the Android Installer.mp4
• https://infocon.org/cons/DeepSec/DeepSec 2015/File Format Fuzzing in Android Giving a Stagefright to the Android Installer.srt (subtitles)

Tags:

• Android

Similar Presentations:

• DeepSec 2016 „Ten“ / Fuzzing Remote Interfaces for System Services in Android
• Summercon 2010 / Android Hax
• Black Hat Europe 2015 / Fuzzing Android: A Recipe for Uncovering Vulnerabilities Inside System Components in Android