Last year at Infiltrate, we celebrated the advantages of logic bugs over memory corruption and showcased a nice and shiny bug in Chrome on Android from Mobile Pwn2Own 2016. But did we overstate the merits of this bug class? After all, logic flaws come in all shapes and sizes. You may occasionally need to combine logic bugs into an extraordinarily long and convoluted exploit chain, which is exactly what happened to us at the competition this year. So how does this compare to chaining memory corruption bugs? Is it still an advantage to use logic bugs in these situations? We used a whopping chain of 11 bugs across 6 unique applications, including Chrome and several Samsung and AOSP components. The chain was glued together using virtually every possible means of Android IPC, including activities, broadcast receivers, content providers and file providers. We even threw in a remote DoS bug in the chain for good measure! This presentation will cover how to hunt for logic bugs at scale, the types of exploit primitives we used, and the way they fit together to achieve a malicious action such as silently installing an arbitrary APK. We will review the approach we use for discovering these types of bugs and discuss our effort to speed up and automate this process through both static and dynamic analysis tools. This talk will also cover the limitations of these bugs along with some of the Android mitigations that hindered the exploitation process.
We are pleased to announce that the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused presentation with fresh content, please submit an abstract, bio and headshot to email@example.com. This information will be included on our Open CFP site, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. The call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: