Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021

Explore in-the-wild Android full chains in 2021 with zero-day exploits and PHP engine vulnerabilities, plus expert insights on bypassing hardware-level restrictions.

Key takeaways
  • The speaker monitors surveillance vendors and examines the in-the-wild Android full chains in 2021.
  • The expert uses a map syscall property to create user-space memory and exploit kernel vulnerabilities.
  • The presentation explores a zero-day vulnerability found in the Play Store, specifically a PHP engine vulnerability.
  • Christian Rice mentioned CVE-2019-2215.
  • The expert loads a local privilege escalation exploit and creates a full backdoor.
  • The Linux kernel has a page fault handler that can be exploited.
  • The kernel allocates a structure called scm_fp_list before the mainstream kernel, and the exploit is based on it.
  • The expert uses SCM_RIGHTS datagrams to packet-encode the exploit.
  • The analyst tracks more than 30 Android applications that use the same exploit.
  • The expert identifies a vulnerability in the Linux kernel and patches it using a map syscall property.
  • The presentation covers a deep dive into the zero-day exploit and how it affects surveillance vendors.
  • The expert explains how attackers bypass hardware-level restrictions.
  • The presentation concludes with a summary of the vulnerabilities and how they can be exploited for their own purposes.
  • A user-space program can be closed.
  • The message is received with the MSG_PEEK flag.
  • Code execution can then be obtained.