Infiltrate Security Conference OPEN CFP

This CFP closes in 2 days

Chainspotting: Building Exploit Chains with Logic Bugs

Vulnerability Research

Last year at Infiltrate, we celebrated the advantages of logic bugs over memory corruptions and showcased a nice and shiny bug in Chrome on Android from Mobile Pwn2Own 2016. But did we overstate the merits of this bug class? After all, logic flaws come in all shapes and sizes. You may occasionally need to combine logic bugs into an extraordinarily long and convoluted exploit chain, which is exactly what happened to us at the competition this year. So how does this compare to chaining memory corruption bugs? Is it still an advantage to use logic bugs in these situations?

We used a whopping chain of 11 bugs across 6 unique applications, including Chrome and several Samsung and AOSP components. The chain was glued together using virtually every possible means of Android IPC, including activities, broadcast receivers, and content and file providers. We even threw in a remote DoS bug in the chain for good measure!

This presentation will cover how to hunt for logic bugs at scale, the types of exploit primitives we used, and the way they fit together to achieve a malicious action such as silently installing an arbitrary APK. We will review the approach we use for discovering these types of bugs and discuss our efforts to speed up and automate this process through both static and dynamic analysis tools. This talk will also cover the limitations of these bugs, along with some of the Android mitigations that hindered the exploitation process.

Rated 5 - 57 reviewers


Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are:

  • A trip to Miami Beach during the non-gates-of-hell hot season
  • A stay at one of the premier luxury resorts in the area
  • A no-bullshit environment where you don't have to be apologetic about
  • Ability to participate in the 1st ever profit sharing conference