Certifi-gate - Front-Door Access To Pwning Millions Of Androids

Explore a critical security vulnerability affecting hundreds of millions of Android devices, including those running the latest Lollipop OS. Delve into a comprehensive study revealing multiple instances of a fundamental flaw within the Android customization chain. Learn how attackers can exploit unsecure apps certified by OEMs and carriers to gain unfettered access to devices, enabling screen scraping, key logging, private information exfiltration, and backdoor app installation. Follow Lacoon researchers as they dissect the technical root causes of these responsibly-disclosed vulnerabilities, including hash collisions, IPC abuse, and certificate forging. Understand why these issues pose a serious threat that cannot be completely eliminated, witness a live device exploit demonstration, and gain valuable remediation advice to protect against potential attacks.

Certifi-gate: Front-Door Access To Pwning Millions Of Androids