Dangerous Hare - Hanging Attribute References Hazards Due to Vendor Customization
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the security implications of hanging attribute references (Hare) in customized Android systems during this Black Hat conference talk. Delve into how aggressive customization by hardware manufacturers, device makers, and carriers has led to a fragmented ecosystem with compromised component relationships. Discover how malicious apps can exploit these vulnerabilities to acquire critical system capabilities. Learn about the 21,557 likely Hare flaws found across 97 popular Android devices, including examples of stealing voice notes, controlling screen unlock processes, and injecting messages into popular apps. Gain insights into new techniques for automatically detecting Hare flaws and receive guidance on avoiding these pitfalls in future system development.
Syllabus
Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube