Lessons Learned from Researching and Exploiting Stagefright presented at InfoSecSouthWest 2016

by Joshua j. Drake,

Summary : Android is currently the most popular operating system worldwide. Such popularity garnered increased attention from malicious actors and security researchers alike. The potential impact of widespread exploitation of over one and half billion devices is truly daunting. Several vulnerabilities in Android's Stagefright multimedia library were proven to be usable to realize this potential.
This presentation looks back at the author's time spent researching and attacking Android devices via Stagefright vulnerabilities. It covers various technical facts and interesting tidbits gleaned throughout the exploit development process. Apart from a walkthrough of two exploits, this presentation also discusses Android OS internals and summarizes the body of research published on the topic by the larger security community.
After attending this presentation, you will better understand how vulnerabilities in Android can be exploited. Joshua will show you what has been done to improve the overall security of the Android operating system and what challenges lie ahead.