Android OEM's applications (in)security and backdoors ... - QuarksLAB
Android OEM's applications (in)security and backdoors ... - QuarksLAB
Android OEM's applications (in)security and backdoors ... - QuarksLAB
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Android</strong> <strong>in</strong>troduction <strong>Android</strong> <strong>security</strong> model Methodology Toward a backdoor without permission Post-exploitation<br />
Context <strong>and</strong> objectives<br />
Targeted user<br />
Security aware user<br />
Doesn’t use alternative markets<br />
Checks permissions before <strong>in</strong>stall<strong>in</strong>g an application<br />
Targeted smartphone<br />
Samsung Galaxy S3 (I9300)<br />
50 millions copies sold (March 2013)<br />
Actually, the Samsung frontend on the I9300<br />
Some of these <strong>applications</strong> may also be present on other models<br />
Some vulnerabilities may impact other models (S2, S4, Note 1/2, ...)<br />
The vulnerable <strong>applications</strong> can’t be deleted without root access