Dangerous Hare - Hanging Attribute References Hazards Due to Vendor Customization

Explore the security implications of hanging attribute references (Hare) in customized Android systems during this Black Hat conference talk. Delve into how aggressive customization by hardware manufacturers, device makers, and carriers has led to a fragmented ecosystem with compromised component relationships. Discover how malicious apps can exploit these vulnerabilities to acquire critical system capabilities. Learn about the 21,557 likely Hare flaws found across 97 popular Android devices, including examples of stealing voice notes, controlling screen unlock processes, and injecting messages into popular apps. Gain insights into new techniques for automatically detecting Hare flaws and receive guidance on avoiding these pitfalls in future system development.

Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization