SystemUI as EvilPiP - Hijacking Attacks on Modern Mobile Devices

Explore a groundbreaking 33-minute Black Hat conference talk unveiling "EvilPiP," a novel hijacking attack on modern Android devices. Delve into the discovery of a new attack surface called PiP, buried in the system for six years, and security issues in privilege processes dating back to 2009. Learn how this research extends beyond traditional Activity Hijack Attacks (AHA) by analyzing framework components, execution chains, and asynchronous rendering processes. Understand how EvilPiP bypasses seven years of hijacking defenses, requires no permissions, and achieves true persistence. Witness a demonstration of this zero-cost, user-unaware attack on high-version Android devices, including API 33 and 34. Gain insights into 10 discovered vulnerabilities, their exploitation, and the ongoing efforts to address these critical mobile security issues.

SystemUI As EvilPiP: The Hijacking Attacks on Modern Mobile Devices