Although the Android operating system is rooted in open source software, it is not entirely open source. Each device contains several different types of closed-source, proprietary software. Such closed software is tedious and difficult to review and therefore is often of lower code quality. This can lead to serious security issues remaining undiscovered. This talk aims to shine light on these dark places of Android. This presentation covers enumeration, reverse engineering, and auditing of the proprietary bits of Android. A summation of results obtained from interrogating the presenter's Android device collection (including those from Samsung, Motorola, LG, and HTC) will be presented. The presenter will provide a plethora of tips and tricks for obtaining and examining these less reviewed pieces of software. Finally, previously undisclosed bugs will be discussed in a brief case study.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.