Presented at
DerbyCon 6.0 Recharge (2016),
Sept. 23, 2016, 1 p.m.
(50 minutes).
Last year, Joshua disclosed multiple vulnerabilities in Android’s multimedia processing library libstagefright. This disclosure went viral under the moniker “Stagefright,” garnered national press, and ultimately helped spur widespread change throughout the mobile ecosystem. Since initial disclosure, a multitude of additional vulnerabilities have been disclosed affecting the library.
In the course of his research, Joshua developed and shared multiple exploits for the issues he disclosed with Google. In response to Joshua and others’ findings, the Android Security Team made many security improvements. Some changes went effective immediately, some later, and others still are set to ship with the next version of Android—Nougat.
Joshua will discuss the culmination of knowledge gained from the body of research that made these exploits possible despite exploit mitigations present in Android. He will divulge details of how his latest exploit, a Metasploit module for CVE-2015-3864, works and explore remaining challenges that leave the Android operating system vulnerable to attack. Joshua will release the Metasploit module to the public at DerbyCon.
Presenters:
Similar Presentations: