YoVDO

Android Parcels - The Bad, the Good and the Better - Introducing Android's Safer Parcel

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Android Development Courses Android Security Courses Arbitrary Code Execution Courses

Course Description

Overview

Explore a comprehensive 39-minute conference talk from Black Hat that delves into Android's Parcel serialization mechanism and its security implications. Gain insights into the vulnerabilities associated with Parcelable implementations, which have plagued Android for nearly a decade. Discover how these high-severity flaws have been exploited by malware authors to achieve privileged exploits, including silent package installation and arbitrary code execution. Learn about various exploit techniques, such as the persistent Bundle FengShui exploits, and a newly reported exploit chain (CVE-2021-0928) that enables arbitrary code execution in privileged application processes on Android 12. Presented by Hao Ke, Bernardo Rufino, Maria Uretsky, and Yang Yang, this talk offers a detailed examination of Android Parcels' security landscape and introduces the concept of a safer Parcel implementation.

Syllabus

Android Parcels: The Bad, the Good and the Better - Introducing Android's Safer Parcel


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube