Wednesday, August 30, 201724 months agoShenzhen, China
MWR's Georgi Geshev will be presenting at the Tencent Security Conference in Shenzhen this year.
Talk presented by MWR
Topic: Logic Bug Hunting in Chrome on Android
Speakers: Georgi Geshev
Description: Memory corruption exploits are requiring greater and greater investment in time and effort to bypass the latest mitigations in applications like Chrome and the underlying operating system. When combined with the competition of everyone in the world running a fuzzer, it becomes hard to find and keep unique bugs.
Instead we want to talk about logic flaws - bugs or simply "features" - that enable the attacker to achieve the same goals without fighting the latest and greatest exploit mitigations. We will show the methodology we use for reviewing products and identifying flaws as well as the process of exploiting them. This involves, among other things, developing better understanding and gaining deeper knowledge of a target and identifying security boundaries that usually give rise to assumptions about security checks performed on both sides.
In our example we will show how a logic bug in Chrome for Android allows an attacker to completely bypass Android Nougat security to access the user's files, emails and even install applications without the need for a single memory corruption bug.