Android Parcels - The Bad, the Good and the Better - Introducing Android's Safer Parcel
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a comprehensive 39-minute conference talk from Black Hat that delves into Android's Parcel serialization mechanism and its security implications. Gain insights into the vulnerabilities associated with Parcelable implementations, which have plagued Android for nearly a decade. Discover how these high-severity flaws have been exploited by malware authors to achieve privileged exploits, including silent package installation and arbitrary code execution. Learn about various exploit techniques, such as the persistent Bundle FengShui exploits, and a newly reported exploit chain (CVE-2021-0928) that enables arbitrary code execution in privileged application processes on Android 12. Presented by Hao Ke, Bernardo Rufino, Maria Uretsky, and Yang Yang, this talk offers a detailed examination of Android Parcels' security landscape and introduces the concept of a safer Parcel implementation.
Syllabus
Android Parcels: The Bad, the Good and the Better - Introducing Android's Safer Parcel
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube