Stagefright: An Android Exploitation Case Study (Derbycon 2016)


Last year, Joshua disclosed multiple vulnerabilities in Android’s multimedia processing library libstagefright. This disclosure went viral under the moniker “Stagefright,” garnered national press, and ultimately helped spur widespread change throughout the mobile ecosystem. Since initial disclosure, a multitude of additional vulnerabilities have been disclosed affecting the library. In the course of his research, Joshua developed and shared multiple exploits for the issues he disclosed with Google. In response to Joshua and others’ findings, the Android Security Team made many security improvements. Some changes went effective immediately, some later, and others still are set to ship with the next version of Android?Nougat. Joshua will discuss the culmination of knowledge gained from the body of research that made these exploits possible despite exploit mitigations present in Android. He will divulge details of how his latest exploit, a Metasploit module for CVE-2015-3864, works and explore remaining challenges that leave the Android operating system vulnerable to attack. Joshua will release the Metasploit module to the public at DerbyCon

Joshua J. Drake is the VP of Platform Research and Exploitation at Zimperium Enterprise Mobile Security and lead author of the Android Hacker’s Handbook. Joshua has been doing vulnerability research on a wide range of applications and operating systems for over 20 years with a focus on Android since early 2012. His professional experience began in 2005 and includes roles at VeriSign/iDefense, Rapid7/Metasploit, and Accuvant LABS.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s