Man-In-The-Disk

DEF CON 26

Presented by: Slava Makkaveev
Date: Sunday August 12, 2018
Time: 13:00 - 13:20
Location: Track 1

Most of modern OS are using sandboxing in order to prevent malicious apps from affecting other apps or even harming the OS itself. Google is constantly reinforcing Android’s sandbox protection, introducing new features to prevent any kind of sandbox bypass.

In this talk we want to shed new light on a less known attack surface which affects all Android devices and allows an attacker to hijack the communication between privileged apps and the disk, bypassing Android’s latest sandbox protection.

The problem begins when privileged apps interact with files stored in exposed areas, and even worse, some of them will unintentionally break the sandbox by insecurely appending such data to its confinements.

Can you imagine if someone could execute code in the context of your keyboard, or install an unwanted app without your consent? Well… It’s hardly within the realm of imagination.

The external storage and network based vulnerabilities we discovered, can be leveraged by the attacker to corrupt data, steal sensitive information or even take control of your device.

Slava Makkaveev

Slava Makkaveev is a Security Researcher at Check Point. Holds a PhD in Computer Science. Slava has found himself in the security field more than seven years ago and since then gained a vast experience in reverse engineering and malware analysis. Recently Slava has taken a particularly strong interest in mobile platforms and firmware security.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats