#HITB2016AMS D1T2 - Adaptive Android Kernel Live Patching - Tim Xia and Yulong Zhang
We have witnessed many kernel vulnerabilities in Android devices. They have already been utilized by underground businesses in malware and APTs. Unfortunately, some of these vulnerabilities remain unfixed for years, partly due to the time-consuming patching and verification procedures, or probably because the vendors care more about innovating new products than securing existing devices. As such, there are still a lot of devices all over the world subject to root attacks.

In this talk, we will present an adaptive Android kernel live patching framework, which enables hotpatching for unpatched kernels. Unlike existing Linux kernel hotpatch solutions, this framework can work directly on binaries and can automatically adjust to different device models with different Android kernel versions. This makes it possible for third-party developers, who may not have access to the exact source code of the device kernel and drivers, to perform live patching. Moreover, this work saves developers from the tedious and error-prone porting work, which further shortens the patch deployment period.

======

Tim Xia, a Chinese security researcher since 2004, has worked for quite a few global security companies focusing on malware reverse engineering, exploit kit research, pentesting, and vulnerability detection. He now works for Baidu, the biggest Chinese search engine company, as a Sr. Android security researcher, mainly focusing on Android malware, app protection techniques, as well as vulnerability research. He has previously spoken at PacSec Japan in 2013 on Android protection techniques.

------

Yulong Zhang is currently working at Baidu conducting the research and development of the next generation methodologies to analyze mobile threats, and to design security products to detect and defend against such threats.