Android very hurt: the Black Hat 2 0 1 5 hacker conference will be the announcement of the 6 mobile security threats-vulnerability warning-the black bar safety net

2015-07-18T00:00:00
ID MYHACK58:62201564798
Type myhack58
Reporter 佚名
Modified 2015-07-18T00:00:00

Description

Black Hat 2 0 1 5 held soon, now with the small series together see see next month at Black Hat USA posted some of the Android security threat. 6 4-bit Android Root Recently a lot about the smartphone Root will cause the phone to much more dangerous debate. But we hope that cyber criminals would not malicious use of by Keen Team internship fellow xuwen, who will be at the BlackHat hacker Conference on the announcement of the 0day vulnerability. This vulnerability will give an attacker with the invasion of the convenience that can allow them to control any Android version 4.3 or newer devices, about 3 0. 3%of the global mobile phone/tablet using theoperating system. the Hidden in the Android heart in the terror code Stagefright is a run on the native Android system on the multimedia playback engine, the cover 9 5% of Android devices. Enterprise Mobile Security Platform research and development, senior Director and Android hackers Handbook the author, Joshua Drake,in the General Assembly will be published“Stagefright: hidden in Android heart the terror Code”of speech. Drake will describe all he Stagefright found the bug and how to exploit the implementation of a variety of attacks, including DOS and remote code execution. Fingerprint hijacking ! Fingerprint authentication is very secure? The fact that maybe not so, the FireEye researchers Zhang Yulong and Tao Wei will be speaking“on the mobile device fingerprint of the abuse and the disclosure of”. Researchers at the Android current fingerprint scanning frame found serious problems, they will show how to pass fingerprint authentication hijacking mobile payment authorization, as well as show one can obtain a fingerprint image of a fingerprint sensor. Huawei Mate 7 kneel ! Hackers can break the so-called“trusted”environment? Qihoo 3 6 0 security researcher Shen di, who will by the Huawei Ascend Mate 7 phone to show you“the use of TrustZone to attack your trust to the core” Although TrustZone technology supports the Trusted Execution Environment, TEE, and wherein the fingerprint scanning and other functions requiring a high degree of trust, such as contactless payment run, and Ascend Mate 7 phone using a own customized software environment, and Huawei spun off Kirin 9 2 5 processor, but the hackers still have a way to crack. Shen di will be at the Conference to talk about the TrustZone development, how unreliable the Trusted Execution Environment to run the shellcode and how to Root the device and disable the latest Android SE. Binder communication mechanism privilege escalation ! Binder inter-process communication mechanism is generally used for all the different levels of privileges between processes, however, in by the Binder prior to the system service input parameters and can not be verified. Qihoo 3 6 0 security researcher Gong wide, who will be at the Assembly given on the first excavation of this vulnerability Fuzzing tools“by Binder communication mechanism injected into the Android system services to escalate privileges”, in addition he also will explain in detail how to exploit this vulnerability to obtain the Android system server license. APP supply chain vulnerability ! Supply chain security issues not just affecting the PC. Coming in this Black Hat on the show of the Android supply chain vulnerability will lead to run Android 5.0 Lollipop system, this is known as the most secure Android operating system is hijacked. The CheckPoint the technology leader Avi Bashan and mobile threat prevention Area Manager Ohad Bobrov will address“compromised a large number of android certifigate”, they will show how the invasion is the operator and original equipment manufacturer certification of applications for equipment control, in addition they will also referred to include a hash collision, certificate forgery, misuse of IPC as well as backdoors, keyloggers and other vulnerabilities.