zLabs at BSides Las Vegas: Where Android security helps and fails


This week at BSides Las Vegas, zLabs’ security researcher Tamir Zahavi-Brunner (@tamir_zb) is conducting a session titled “Treble or Trouble: Where Android’s latest security enhancements help, and where they fail.”

Tamir’s work is another example of why zLabs is recognized as the world’s most qualified and talented collection of researchers focused exclusively on mobile.

Here is the abstract for Tamir’s session. We will post the recording of the session when it is available.

Treble or Trouble: Where Android’s latest security enhancements help, and where they fail.

In today’s security world it is well understood that it is impossible to eliminate all bugs. This is why in order to limit vulnerabilities, security enhancements are introduced as an extra line of defence. Attack surfaces are being narrowed and mitigations are added to make exploitation harder. This is an approach that is well used by Google in Android. They add more security enhancements in each major Android version, including Project Treble, recently added in Android 8.

We decided to look deeper into Project Treble and examine how beneficial to security it really is. During our research, we found a very dangerous vulnerability in areas related to Project Treble. Not only did Project Treble do nothing to prevent this vulnerability, it was actually the reason it was introduced.

In this talk we will review the inner workings of Project Treble. We will look at the refactoring that Android services went through and point out multiple issues with it. We will also cover the details of the vulnerability we found, and its impact. We found that while Google were keen to announce a new enhancement with a flashy name, its implementation was somewhat neglected.

The post zLabs at BSides Las Vegas: Where Android security helps and fails appeared first on Zimperium Mobile Security Blog.

About Zimperium
Zimperium, the industry leader in Mobile Threat Defense, offers real-time, on-device protection against both known and previously unknown threats, enabling detection and remediation of attacks on all three mobile threat vectors - Device, Network and Applications. Zimperium’s patented z9™ detection engine uses machine learning to power zIPS™, mobile on-device Intrusion Prevention System app, and zIAP™, an embedded, In-App Protection SDK that delivers self-protecting iOS and Android apps. Leaders across the mobile ecosystem partner with Zimperium, including mobile operators (Airtel, Deutsche Telekom, SmarTone, SoftBank and Telstra), device manufacturers (Samsung, SIRIN, TriGem), and leading enterprise mobility management (EMM) providers (AirWatch, MobileIron, BlackBerry, Citrix and SAP). Headquartered in San Francisco, Zimperium is backed by Sierra Ventures, Samsung, Telstra, Warburg Pincus and SoftBank. Learn more at www.zimperium.com or our official blog at https://blog.zimperium.com.
