Fuzzing Remote Interfaces for System Services in Android

Presented at DeepSec 2016 „Ten“, Unknown date/time (Unknown duration)

System services represent one of the core components in Android, implementing many fundamental Android features such as media playback, graphics or network connectivity. The fact that the large majority of system services exposes a remote interface that can be called by other unprivileged applications or services makes them an excellent attack vector. From a system security perspective this task makes even more sense since most of the components and processes executed behind each system service run with high or increased privileges. The presentation will focus on a fuzzing approach that can be used for testing system services in Android, providing in-depth information about the implementation of the tools developed to accomplish this task and examples of actual vulnerabilities that were discovered in the latest versions of Android.

Presenters:

• Alexandru Blanda - Intel Corporation
  Alexandru Blanda is a software security engineer, part of the Open Source Technology Center at Intel Corporation. He is currently working on projects related to the overall security of the Android OS, mainly focusing on methods to improve the efficiency of fuzzing techniques inside this environment and discovering ways to uncover vulnerabilities inside different components of the operating system.

Links:

• https://deepsec.net/archive/2016.deepsec.net/speaker.html#PSLOT251
• https://infocon.org/cons/DeepSec/DeepSec 2016/Fuzzing Remote Interfaces for System Services in Android.mp4

Similar Presentations:

• Black Hat Europe 2015 / Fuzzing Android: A Recipe for Uncovering Vulnerabilities Inside System Components in Android
• Summercon 2010 / Android Hax
• DeepSec 2015 „DeepSec No. 9“ / File Format Fuzzing in Android - Giving a Stagefright to the Android Installer