Escaping The Sandbox By Not Breaking It

DEF CON 24

Presented by: Marco Grassi, Qidan He
Date: Saturday August 06, 2016
Time: 10:00 - 10:50
Location: DEF CON 101

The main topic of this technical talk will be "sandboxes" and how to escape them. One of the main components of modern operating system security is the sandbox implementation. Android, for example, added SELinux in recent versions on top of its existing sandbox mechanism as an additional layer of security. OS X likewise recently added System Integrity Protection as a ‘system level’ sandbox, in addition to the regular sandbox, which is ‘per-process’.

All modern OSes focus on defense in depth, so attackers and defenders alike must know these mechanisms, whether to bypass them or to make them more secure. We will focus on Android and iOS/OSX to show the audience how the sandbox is implemented in these operating systems, and the attack surface reachable from within interesting sandboxes, such as the browser sandbox or the application sandbox.

Then we will discuss how to attack them and escape from our restricted context to further compromise the system, showcasing vulnerabilities. We think that comparing Android with iOS/OSX can be very interesting: their implementations differ, but the goal for attackers and defenders is the same, so knowledge of different sandboxes is very insightful for highlighting the limitations of a particular implementation. Some years ago, sandboxes were mainly a concern of our desktops, mobile phones and tablets. But if we look at the technology trend now, with automotive and IoT, we can see that sandboxes will be crucial in all of those technologies as well, since they will run on mainstream operating systems as they become more popular.

Marco Grassi

Marco Grassi is currently a Senior Security Researcher at the KEEN Lab of Tencent (previously known as KEEN Team). He was one of the main contributors at Pwn2Own 2016 for the Safari target with sandbox escape to root. He is a member of the team that won the title of ‘Master Of Pwn’ at Pwn2Own 2016. Formerly he was a member of the NowSecure R&D Team, where he researched solutions for mobile security products and performed reverse engineering, pentesting and vulnerability research on mobile OS applications and devices. When he’s not poking around mobile devices, he enjoys developing embedded and electronic systems. He has spoken at several international security conferences such as ZeroNights, Black Hat, Codegate, HITB and CanSecWest. Twitter: @marcograss

Qidan He

Qidan He (a.k.a. Edward Flanker) is a security researcher focusing on mobile security at KeenLab of Tencent (formerly known as Keen Team). His major experience includes Android/iOS/OSX security and program analysis. He has reported several vulnerabilities in Android system core components, which were confirmed and credited in multiple advisories. He has also found multiple vulnerabilities in the OSX kernel, which are awaiting patch and credit. He is the winner of the Pwn2Own 2016 OSX category and a member of the Master of Pwn champion team. He has spoken at conferences such as Black Hat, CanSecWest, HITCON and QCON. Twitter: @flanker_hqd
