Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
- 1. Having fun with secure messengers and Android Wear (and Android Auto)
Artem Chaykin
Positive Technologies
CanSecWest’16
- 2. Who am I?
• Russian hacker / Putin’s agent
• Mobile application security team lead
• SCADA Strangelove Team
• RDot.Org team member
- 3. Android IPC basics
• Private memory for each process
• Data is passed through kernel module – Binder
• Intent-based
- 4. Intents
• Intent is an object
• App1 can send intents to exported components of App2
[Diagram: an Intent and its fields: Package name, Component name, Action, Data]
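An added example, not part of the original slides: a small audit that lists which components of an app accept intents from other apps, the exposure slide 4 describes. The manifest, package name and permission name are constructed for illustration, and the input is assumed to be a decoded (plain XML) AndroidManifest.xml.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest (decoded XML form), not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.messenger">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".PushReceiver">
      <intent-filter><action android:name="com.example.messenger.PUSH"/></intent-filter>
    </receiver>
    <service android:name=".ReplyService" android:exported="true"
        android:permission="com.example.messenger.permission.REPLY"/>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""


def is_exported(component):
    """Explicit android:exported wins; otherwise (before Android 12) a
    component with an intent-filter is exported by default."""
    explicit = component.get(ANDROID + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None


def audit_manifest(xml_text):
    """Return (tag, name, guarding_permission) for every exported component."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    app_permission = app.get(ANDROID + "permission") if app is not None else None
    findings = []
    for component in (app if app is not None else []):
        if component.tag not in COMPONENT_TAGS or not is_exported(component):
            continue
        permission = component.get(ANDROID + "permission") or app_permission
        findings.append((component.tag, component.get(ANDROID + "name"), permission))
    return findings


def unguarded(findings):
    """Exported components any installed app can send intents to."""
    return [name for _tag, name, permission in findings if permission is None]
```

The audit does not check a guarding permission's protection level, so a component listed with a permission still needs a manual look at how that permission is declared.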
- 17. Example 0x2 – PendingIntent hijacking
• 3rd party push services
• Identity confirmation
Victims:
- 20. Android Wear & Android Auto
• RemoteInput class is based on PendingIntent
- 21. Android Wear & Android Auto
• RemoteInput class is based on PendingIntent
- 34. Fixes
• Signal – emailed Moxie – fixed same day – got “thanks”
• Telegram – emailed security@ – partial fix after ~45 days – still no thanks