No Safety for Old Phones: How Android became the new Windows XP presented at saintcon 2016

by Andrew Brandt,

Summary : In March, 2016, research uncovered a malvertising attack network that used a variety of exploits against the Android operating system to deliver and silently install malware onto a range of mobile devices. Tools within the lab environment recorded a full network PCAP of the attack. While it appears that the publicity surounding the use of these exploits has driven the attackers to ground for the time being, the revelation that these exploits were actively used to drive a mobile ransomware campaign should concern anyone with an Android device more than a year old. This presentation will summarize the discovery and subsequent investigation into the so-called Dogspectus attack, in which the attackers employed both freely-available exploit code (Towelroot) and leaked exploits that had been hoarded by Hacking Team until their breach last year revealed them to the world.