Adaptive Android Kernel Live Patching
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore an adaptive Android kernel live patching framework in this 54-minute conference talk from Hack In The Box Security Conference. Dive into the world of Android kernel vulnerabilities and their exploitation by malware and APTs. Learn about the challenges of patching these vulnerabilities and the innovative solution presented by the speakers. Discover how this framework enables hotpatching for unpatched kernels, works directly on binaries, and automatically adjusts to different device models and kernel versions. Understand the benefits for third-party developers and the potential impact on shortening patch deployment periods. Gain insights into Android security, malware analysis, and vulnerability research from experienced security researchers Tim Xia and Yulong Zhang. Follow along as they discuss various Android vulnerabilities, root attacks, and the limitations of current solutions. Examine the technical details of the proposed framework, including version magic, module structure checks, and memory allocation techniques. Conclude with a look at famous vulnerabilities, popular devices, and the future of Android security ecosystem alignment.
Syllabus
Introduction
Outline
Two types of vulnerabilities
Most security mechanisms of Android
Recent Android vulnerabilities
Conclusions
Towelroot
PingPong Root
Pipe Root
Public POC
Root Apps
Google Chrome
Chemi
Ghost Push
Dark Spectres
Why
Long pattern chain
Device fragmentation
Google stats
Chinese stats
Capability mismatch
Security vendors
Limitations
Solution
Version Magic
Module Structure Check
Bypass Kernel Module Authentication
Circle Injection
Memory Allocation
From User Memory
Branch
No explicit operation
Optimization
Limitations of current solutions
Famous vulnerabilities
Most popular devices
Demos
Next steps
Call out
Ecosystem
Ecosystem Alignment
Questions
Taught by
Hack In The Box Security Conference
Related Courses
Machswap - Stephen Parkinson
White Hat Cal Poly via YouTube
Razzer - Finding Kernel Race Bugs through Fuzzing
IEEE via YouTube
Monitoring Surveillance Vendors - A Deep Dive into In-the-Wild Android Full Chains in 2021
Black Hat via YouTube
Escaping Virtualized Containers
Black Hat via YouTube
Jailbreaks Never Die - Exploiting iOS 13.7
Hack In The Box Security Conference via YouTube