24. Case Study 2 - Exploiting An Exynos Secondary Bootloader
25. Fuzzing USB Control Transfers
26. Initial Fuzzing Attempts
27. Causing A Crash
28. Exploiting Descriptor Overwrite
29. Brute Forcing Memory
30. Dumping Memory
31. DEP Misconfiguration
32. Basic Code Execution
33. Reimplementing Boot
34. Boot Debugging
35. Kernel Execution
36. Boot Failure
37. Bootloader Threads
38. Disabling Threads
39. Aarch64 Exceptions
40. Additional Errors
41. Android Modification
42. Final Notes
43. Disclosure
44. Conclusion
Description:
Learn about critical vulnerabilities in modern Android smartphones through a DEF CON 31 conference talk that explores physical attack vectors and security weaknesses. Dive into detailed case studies examining privilege escalation techniques through Recovery mode exploitation and Secondary Bootloader vulnerabilities. Explore how to achieve root access on locked bootloader devices using only a Micro SD card, and discover USB stack vulnerabilities that enable code execution and modified Android image booting. Master advanced concepts including SELinux protection bypasses, command injection exploitation, init process manipulation, USB control transfer fuzzing, and bootloader debugging. Gain hands-on knowledge of Android security architecture, bootloader operations, and real-world attack methodologies through practical demonstrations and technical deep-dives into vendor-specific Android implementations.
Physical Attacks Against Smartphones: Android Security Vulnerabilities and Exploits