Hacking Androids for Profit

Black Hat USA 2011

Presented by: Riley Hassell, Shane Macaulay
Date: Thursday August 04, 2011
Time: 10:00 - 11:00
Location: Milano I - IV
Track: The Mobile Track

We will reveal new threats to Android Apps, and discuss known and unknown weaknesses in the Android OS and Android Market. This presentation will offer insight into the inner working of Android apps and the risks any user faces when installing and using apps from the marketplace. The speakers will reveal previously undisclosed vulnerabilities in vendor apps installed on millions of US mobile phones and techniques to evade all available security solutions.

Riley Hassell

Riley Hassell is an internationally recognized security professional. He is an industry expert in the fields of application security assessment, software reverse engineering and malware analysis. Mr. Hassell discovered and disclosed many of the most critical software vulnerabilities known. Throughout the year 2000 and 2001 he was responsible for several critical vulnerabilities, each having major repercussions on the security industry at large. Mr. Hassell was responsible for the discovery of the first critical remote vulnerabilities in Windows 2000 and Windows XP. He also discovered the vulnerability that triggered the Code Red Internet worm. His initial dissection of the worm was used to develop and put in place protective measures to safeguard the network targeted by Code Red, the Whitehouse public network. Taking his research a step further he forecast future worm technologies and presented during presentations at the Blackhat security conference. During the year 2002 Mr. Hassell performed an assessment of the popular security products. During his assessment he discovered critical vulnerabilities in several leading security products, pushing security vendors to take a second look at their software. Mr. Hassell spent the following several years working with startup ventures to pioneer product technologies in the patch management, intrusion prevention, vulnerability analysis and malware analysis fields. Riley worked iSEC Partners as a senior associate during the following three years where he was responsible for assisting a variety of major corporations in the auditing, testing and security strategy of their digital assets. Following his employment at iSEC he founded Privateer Labs and refocused his combined expertise to the emerging threats of the mobile landscape.

Shane Macaulay

Shane Alexander Macaulay is a world class IT Security Specialist. Shane has a deep and broad security view, systems ranging from every major flavor of UNIX, Microsoft and networking operating systems. He has contributed to the security community through various papers, books and revolutionary technical applications. Shane has found a number of compiler bugs (native and managed) over the years; one was used to win the non-obvious source code backdoor contest in Defcon 2010. Previous work was also published on his personal website as K2 (ktwo@ktwo.ca), www.ktwo.ca, of note is ADMmutate, a polymorphic shell code obfuscation API which is designed to defeat pattern matching systems. For the past several years Mr. Macaulay has been working on security products and solutions for the Microsoft platform. His current product BlockWatch is a virtual machine monitoring system that assesses physical memory and validates code sections against a white list database.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats