Style over Substance - how OEMs are breaking Android security presented at t2InfoSecCon 2014

by Robert Miller,

Summary : Android has made significant steps in recent years in improving the security of the platform as well as the apps on their app store. But there is one area they can't control: the manufacturers.
In their race to bring new features first to market, we will have a look at how device manufacturers are undermining their security of devices and all the data they contain.
In this presentation we will be allowed by two manufacturers for the first time to perform live exploits against their devices. We will show the steps an attacker can go from being on the same network to having full control of a device.
Finally, we will demonstrate how a compromised device can be used to attack corporate networks and mobile device management applications.
The goal of this talk is to arm the security industry with the methodology to hunt out these issues in Android devices and applications, and the skills to fix them.