Android 4.0: Ice Cream “Sudo Make Me a” Sandwich

DerbyCon 3.0 - All In The Family

Presented by: Max Sobell
Date: Friday September 27, 2013
Time: 16:00 - 16:50
Location: Track 4
Track: The 3-Way

“With the advent of Android 4.0+, we have seen the rooting landscape shift dramatically. This presentation gives a brief, but highly technical overview of the most ingenious new types of attacks on 4.0+. We will give an overview of Android’s device protection mechanisms in 4.0+ and how they can be circumvented or unintentionally undermined by device manufacturers.

Each device manufacturer and carrier can add or modify code from the Android Open Source Project (AOSP). This can include access to device memory, exploitable processes which run as the root user, initialization scripts which perform privileged actions without proper validation, or APKs which leak access to otherwise-protected information sources. This talk will examine what carriers and device manufacturers are doing to prevent (or assist) customers root their devices. We will also detail /boot and /recovery differences between OEMs, how signature checks are performed, and demonstrate some of our tools to examine new devices and find potential security flaws.

This talk is not about exploiting the AOSP, but rather identifying mistakes and misconfigurations due to customized builds and additional features.”

Max Sobell

Max is a senior consultant and research director at Intrepidus Group based out of NYC. He specializes in mobile device penetration testing and has spent time researching NFC (for access control and on mobile devices), Bluetooth, mobile wallets, and secure elements. Before working in security, he designed high speed trading algorithms and worked in commodities. Max is a licensed HAM operator and contributes chapters to several best selling Linux books. He has presented at ShmooCon, CanSecWest, EuSecWest, SecTor, SOURCE: Boston, and various local conferences.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats