Abstract

A lot has already been talked about Android malwares, botnets, fake legitimate applications and what not in android. In this presentation, we would uncover new attack methodologies on Android platform. We would also be talking about Android Framework for Exploitation, a framework (completely open-source) which we have developed and released few months back, and which has got an amazing response from the security community. We will talk about how to find vulnerabilities in Android applications, the hackers way. Also, we would show a demo on how to do mass vulnerability hunting in Android applications, using the framework, with a new feature which will be released in Grrcon. Also, we will be discussing security risks associate with BYOD in enterprises. At the end, we would be talking about how to find new vulnerabilities in Android platform (not apps), and a brief overview on how to quickly do ARM based exploitation on Android. It will be a tight presentation, both with demos as well as the concepts underlying it.

Includes live demos as well as a new tool release, and disclosing of vulnerabilities in 3 popular Android applications