Bypassing Browser Security Policies for Fun and Profit

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Content Security Policy Courses, Same-Origin Policy Courses, Vulnerability Research Courses

Course Description

Overview

Explore a comprehensive analysis of mobile browser security vulnerabilities in this Black Hat conference talk. Delve into the world of bypassing core security policies like Same Origin Policy and Content Security Policy in mobile browsers. Discover various security flaws including Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, and Mixed Content Bypass found in Android browsers. Learn about the testing methodology used to uncover Android zero-day vulnerabilities and examine real-world examples of security weaknesses in popular Android third-party web browsers and Android WebView. Gain insights into the root causes of these bugs, their exploitation techniques, and potential patches. Conclude with a demonstration of a sample test suite for assessing basic security properties of mobile web browsers.

Syllabus

Intro
Agenda
Testing methodology & References
Introduction Same Origin Policy
SOP Bypasses For Android Browsers
SOP Bypass 1 - CVE-2014-6041 (POC)
SOP Bypass 2 - POC
Google Play's Web Remote Installation Feature
Introduction: Cross Scheme Data Exposure
CSDE Vulnerability Android Stock Browser
Cross Scheme Data Exposure Attack Plan
Android Gingerbread CSDE (POC)
Android Jellybean CSDE (POC)
CSP And Mobile Browsers
Problem with Mobile Browsers And CSP
Android Patch Management issues
How Apple Patch Management Works? (Will's Graphs)
How Everything else works
Blackhat Sound Bytes


Taught by

Black Hat

Related Courses

Web Security: Same-Origin Policies
LinkedIn Learning
Client-Side Protection Against DOM-Based XSS Done Right
OWASP Foundation via YouTube
CSP Pitfalls and Gotchas
OWASP Foundation via YouTube
The "Web/Local" Boundary Is Fuzzy - A Security Study of Chrome's Process-based Sandboxing
Association for Computing Machinery (ACM) via YouTube
Browsers Gone Wild
Black Hat via YouTube