A Universal Way to Exploit Android PendingIntents in High-profile and System Apps
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a comprehensive analysis of Android PendingIntents vulnerabilities in high-profile and system apps during this Black Hat conference talk. Delve into the intricacies of PendingIntent exploitation, covering topics such as retrieving and hijacking insecure PendingIntents, case studies of CVEs, and automated hunting techniques. Learn about security changes in Android 12 and receive essential guidelines for securing PendingIntents in app development. Gain valuable insights from experts Wenbo Chen, En He, and Daoyuan Wu as they uncover potential privilege escalation risks and provide practical advice for mitigating these vulnerabilities in Android applications.
Syllabus
Intro
Agenda
Who we are
The Pendingintent API
Previous Research
Retrieving Pendingintents
Hijacking Insecure Pendingintents
Deep Dive Into PendingIntent
Hijacking Pendingintents with Implicit Base Intent
Case Studies
POC of CVE-2020-0188
CVE-2020-0389: Notification
A-166126300: MediaBrowser Service
Some High Profile Apps: AppWidgets
CVE-2020-0294: System Service
Restrictions on URI Grant from uid 1000
Hunting Insecure Pendingintents Automatically
Search APIs without IMMUTABLE
Search Empty or Implicit base Intents
Security Changes in Android 12
Security Guidelines
Final Advice
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube