Komáromy Dániel - Enter The Snapdragon! HD

https://www.hacktivity.com The principal goal of Android security is the secure containment of application privileges. And the foundation of this isolation is the security of the kernel. Until recently, Android security research has not focused on platform-specific kernel modifications and the majority of public Android kernel exploits were based on upstream CVEs. But in the past year, we have seen an increased interest from researchers in Android kernel security, particularly in the area of memory corruption exploitation. Qualcomm, thanks to our processors at the heart of a dominant share of Android devices, is at the centre of this pique of interest. This presentation will describe the Qualcomm Product Security Team’s incident response work in this area. We will provide an insight into the scope of the platform-specific attack surface, present tools we have developed for rapid exploit reverse engineering and automated vulnerability finding, and describe kernel hardening countermeasures that we have introduced.