YoVDO

Hey Google, Activate Spyware! - When Google Assistant Uses a Vulnerability as a Feature

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Android Development Courses Cybersecurity Courses Application Security Courses Mobile Device Security Courses

Course Description

Overview

Explore a critical security research presentation revealing 0-day vulnerabilities in Android smartphones. Delve into the manipulation of actions and intents that allow unauthorized camera control without specific permissions. Learn about Android terminology, exported activities, permission checks, and the creation of rogue applications. Examine the implications for user privacy, including unauthorized selfies, screen capture, and location metadata extraction. Follow the disclosure timeline, Google's response, and the impact on other Android vendors. Gain insights into the intersection of voice assistant features and potential security risks in this eye-opening 28-minute Black Hat conference talk by Erez Yalon.

Syllabus

Introduction
Android Terminology
Hey Google Take a Selfie
Intents
Permissions
Summary
Analyzing exported activities
Not looking for permission checks
Creating a rogue application
Persistence
Application
Hacking the Phone
The Screen
Back to the List
Location Metadata
Rogue Application
Proximity Sensor Activation
What Hackers Really Want
Disclosure Timeline
Other Android Vendors
Google Response
Conclusion


Taught by

Black Hat

Related Courses

Creative, Serious and Playful Science of Android Apps
University of Illinois at Urbana-Champaign via Coursera Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems
Vanderbilt University via Coursera Android. Programación de Aplicaciones
Miríadax Programming Mobile Applications for Android Handheld Systems: Part 1
University of Maryland, College Park via Coursera Begin Programming: Build Your First Mobile Game
University of Reading via FutureLearn