These Aren't the Permissions You're Looking For

DEF CON 18

Presented by: Anthony Lineberry, David Richardson, Sr., Timothy Wyatt
Date: Saturday July 31, 2010
Time: 15:00 - 15:50
Location: Royale 2-3-4
Track: Track 1

The rise of the robot revolution is among us. In the past year Android has stepped up to become a leader in the world of mobile platforms. As of early May the platform has surpassed the iPhone in market share at 28%. Third-party trackers for the Android Market have reported upwards of 50,000 apps available now. The Android security model relies heavily on its sandboxed processes and requested application permissions. It survived the recent Pwn2Own slay fest unscathed, but this does not mean it is safe by any means. We aim to explore novel techniques for attacks based around abuse of the permission system, both in performing operations sans appropriate permissions and in abusing granted permissions outside of their scope. We'll be demonstrating various ways to hijack input, steal sensitive information, and many other ways to break the rules put in place by our new robot overlords.

Anthony Lineberry

Anthony Lineberry is a security researcher from Los Angeles who has been active in the security community for many years, specializing in reverse engineering code, researching vulnerabilities, and advanced exploitation development. He has written an open source kernel from scratch, helped with the first iPhone jailbreak, and feels uncomfortable speaking in the 3rd person. Professionally his experience includes working as a security researcher for McAfee, NeuralIQ, and currently with Lookout. He has spoken previously at SCaLE and BlackHat EU/US.

David Richardson, Sr.

David Richardson, Sr. is a Senior Software Engineer at Lookout Mobile Security. He writes security software for mobile phones including Android, Windows Mobile, BlackBerry and iPhone. He was the President of the University of Southern California ACM in 2008-2009 and received an award for "Outstanding Service In Computer Science" - whatever that means. His interests are primarily in Application Development and User Experience. In his free time he enjoys not knowing how to ride a bicycle.

Timothy Wyatt

Tim Wyatt is a software engineer whose 16-year career has focused on development of security products and products with critical security requirements. Most recently, this has led him to focus on security in the mobile space at Lookout Mobile Security. Prior to Lookout, Tim was a lead engineer for the Symantec (formerly Vontu) Network Data Loss Prevention Suite.

