heisenbug Heisenbug 2020 SPb (15.06.2020 — 18.06.2020)

Vulnerabilities in the implementation of interprocess cooperation in Android applications

img

During this session, Alexandra will consider several vulnerabilities caused by errors in working with messaging mechanisms and talk about testing methods and tools that must be used to detect such problems.

Intents, services, broadcasts — it’s all mechanisms that the Android system provides for the exchange of messages between applications.

However, if we’ll look at the statistics of application vulnerabilities it turns out that more than a third of them are caused by the improper use of these mechanisms. Such errors could cause the leak of data or allow the plotter to remotely execute code on a user’s device.

During this session, Alexandra will consider several vulnerabilities caused by errors in working with messaging mechanisms and talk about testing methods and tools that must be used to detect such problems.