攻击 Android 生态系统中的调试模块.pdf

1、#BHASIA BlackHatEventsAttacking Debug Modules In The Android Attacking Debug Modules In The Android EcosystemEcosystemLewei Qu(曲乐炜)Chief Information Security Officer,Mogo Auto#BHASIA BlackHatEventsAbout MeAbout Me Head of security team in Mogo Auto.Leading the team to protect the cooperative vehicle

2、 infrastructure system and improve the level of network and data security of the company Previously focused on mobile/IoT security and has contributed a lot of vulnerabilities in Google Android,Mediatek and Unisoc.500+CVEs has been credited.Top1 bug hunter in the Unisoc Product Security Acknowledgem

3、ents Google top bug hunter in 2022 Speaker at BlackHat Europe 2021,BlackHat Aisa 2022,BlackHat USA 2022,KCon 2023,7thkanxue SDC 2023#BHASIA BlackHatEventsAgendaAgendaBackgroundThreat ModuleCase StudySummary#BHASIA BlackHatEventsBackgroundBackground#BHASIA BlackHatEventsFragmented Android EcosystemFr

4、agmented Android Ecosystem硬件SYSTEMAndroid Open Source ProjectPRODUCTPhoneTabletIVIAIoTFragmentationFragmented BSPDriver：Image processing(Camera),WiFi,Bluetooth,GNSS,4G/5G,Audioprocessing,Acceleration(GPU/NPU/DSP),Secure elementFramework：Vendors modify the service of AOSP to adapt their own hardware

5、feature such as telephony and modem.HAL：The bridge to connect the framework and driverFragmented ProductLauncher：MIUI,Magic UI,HarmonyOSSystem APP:Debug modules,Notebook,Device interconnectionOEMSOCFragmented System#BHASIA BlackHatEventsFragmented Android EcosystemFragmented Android EcosystemIntrodu

6、ced from Android Oreo.Managing vendor specific BSP codeVendor PartitionIncluding the criticle and high vulnerabilities for SoCSecurity BulletinAndroid Chipset Security Reward Program.Supported by Google in 2019.But has been shut down in 2023.5ACSRPWrapper of low-level operations for user spaceHAL#BH