The firewall Android deserves: A context-aware kernel message filter and modifier

Presented at Summercon 2016, July 16, 2016, 4 p.m. (50 minutes).

Android Marshmallow introduced a feature users sorely needed: dynamic permissions. We take this a few steps further by hooking Android's Binder IPC system to give users fine-grained control over messages passed between applications. Because every message in Android passes through Binder, we have all the keys to all the locks. I'll cover how we hooked Binder to modify camera and microphone data, restrict permissions based on environmental context, steal kernel messages and reinsert them (like Netfilter), and allow regex-like parsing of all messages in Android.

Presenters:

• David Wu
  David Wu is a recent graduate of Dartmouth College. There he worked with Sergey Bratus on projects involving VPN fingerprinting and Linux instrumentation. He also developed particle physics simulations for Brookhaven National Laboratory and automated website analysis tools for Ionic Security. In his free time he enjoys learning that everyone but him has a twitter account. @davidwuuuuuuuu

Links:

• https://www.summercon.org/archives/2016/presentations.html#android-firewall

Similar Presentations:

• Black Hat USA 2015 / Fuzzing Android System Services by Binder Call to Escalate Privilege
• ShmooCon XIII (2017) / A Context-Aware Kernel IPC Firewall for Android
• Black Hat Europe 2014 / Man in the Binder: He Who Controls IPC, Controls the Droid