Hacking OEM-specific Android: a useful guide to finding new security vulnerabilities in Android and how it's all related to cars.
Last year, a group of security researchers from Interrupt presented their approach to finding new logical vulnerabilities in Android-based phones. In their presentation, they focused on vulnerabilities in Samsung's and Xiaomi's versions of Android OS.
The idea behind their approach is very practical: Android OS builds for different vendors include core Android components as well as code developed by the vendors themselves. The core Android OS is the most secure part, so it makes sense to focus on the OEM code.
Long story short: their approach is practical and led to another vulnerability. But I want to highlight that both of these vendors have much more OEM code outside mobile phones, in other devices that use the Android OS, such as cars.
I expect to see more research on OEM code in Android OS-based IVI systems using this approach - especially now that the technical details have been explained.
Enjoy the paper and presentation, and please share them with your peers and team. Why? Vendors need to know that their code is now in focus, and researchers may be interested in trying this approach.
More details:
Beyond Android MTE: Navigating OEM's Logic Labyrinths
[Video]: https://lnkd.in/dQhhX92n
[PDF]: https://github.com/interruptlabs/conferences/blob/main/Beyond%20Android%20MTE%20Navigating%20OEMs%20Logic%20Labyrinths.pdf


