the Mystique Vulnerability White Paper

Mobile Security, 2 years ago (2022), admin

Abstract

The Android Application Sandbox is the cornerstone of the Android Security Model: it protects and isolates each application's process and data from the others. Attackers usually need kernel vulnerabilities to escape the sandbox, and such vulnerabilities have proved rare and difficult to exploit as mitigations emerge and attack surfaces are tightened.

However, we found a vulnerability in stable Android 11 that breaks the dam purely from userspace. Combined into a chain with other 0days we discovered at major Android vendors, a malicious zero-permission attacker app can totally bypass the Android Application Sandbox, owning any other application such as Facebook and WhatsApp, reading application data, injecting code, or even trojanizing the application (including both unprivileged and privileged ones) without user awareness. We named the chain "Mystique" after the famous Marvel Comics character because of the similar ability it possesses.

In this talk we will give a detailed walkthrough of the whole vulnerability chain and the bugs it includes. On the attack side, we will discuss the bugs in detail and share our exploitation method and framework, which enables privilege escalation, transparent process injection/hooking/debugging, and data extraction for various target applications based on Mystique, and which has never been talked about before. On the defense side, we will release a detection SDK/tool for app developers and end users, since this new type of attack differs from previous ones and largely evades traditional analysis.

Details

the Mystique Vulnerability White Paper
CanSecWest2022 slides


Originally published by JD Explore Academy Information Security Lab: the Mystique Vulnerability White Paper

Copyright notice: posted by admin on 27 May 2022 at 8:48 AM.
