Stagefright: Scary Code in the Heart of Android

by Joshua Drake

With over a billion activated devices, Android holds strong as the market-leading smartphone operating system. Underneath the hood, it is primarily built on the tens of gigabytes of source code from the Android Open Source Project (AOSP). Thoroughly reviewing a code base of this size is arduous at best and arguably impossible. Several approaches exist to combat this problem. One such approach is identifying and focusing on a particularly dangerous area of code.

This presentation centers around the speaker's experience researching a particularly scary area of Android, the Stagefright multimedia framework. By limiting his focus to a relatively small area of code that's critically exposed on 95% of devices, Joshua discovered a multitude of implementation issues with impacts ranging from unassisted remote code execution down to simple denial of service. Apart from a full explanation of these vulnerabilities, this presentation also discusses techniques used for discovery, Android OS internals, and the disclosure process. Finally, proof-of-concept code will be demonstrated.

After attending this presentation, you will understand how to discover vulnerabilities in Android more effectively. Joshua will show you why this particular code is so scary, what has been done to help improve the overall security of the Android operating system, and what challenges lie ahead.
Comments

I'm getting nervous of this guy dancing behind the desk, prolly affected with Stagefright

Ronnie

The Stagefright bug came back again. My phone and tablet were patched up and secure from Stagefright after I was sent an update, but now it's vulnerable again. Android needs to regularly send patches to phones all around the world in order to combat this bug. Perhaps until then, we should use our smartphones and tablets like dumb phones, i.e. turn off mobile network and Wi-Fi and only use them for calls and SMS messages. I wonder if that would help??

gcv

How or where can I learn more about all this? College classes? Is this information technology? Someone please help... I want to know what I am doing with my home computers and my cell phones; both have crashed and I can't keep dealing with this blindly. What can I do to learn more?

TheRainstorm

Oh my. All of this is beyond my level of comprehension... I updated my LG Volt for this "stage fright" and now it's stuck rebooting itself over and over... it's been almost a half hour... Can anyone tell me what to do? Is my cell broken or is this part of the update? And can anyone explain this in terms that someone like me can understand? And I really don't know much even after watching this video...

TheRainstorm

Samsung finally started cranking out the patch late last month.

pruittboy

iOS has its own issues. It was and still is affected by ShellShock.

hightech

I wonder when Android will finally copy iOS's most important feature, security

tmmy