Black Hat Europe资料eu-15-Blanda-Fuzzing-Android-A-Recipe-For-Uncovering-Vulnerabilities-Inside-System-Components-In-Android-wp.pdfVIP

Fuzzing Android: a recipe for uncovering vulnerabilities inside system components in Android Alexandru Blanda Intel OTC Romania, Security SQE ioan-alexandru.blanda@ Abstract The paper focuses on a fuzzing approach that can be used to uncover different types of vulnerabilities inside multiple core system components of the Android OS. The paper will introduce the general idea behind this approach and how it applies to several real-life targets from the Android OS backed up by discovered vulnerabilities. The list of components that were targeted and found vulnerable contains: the Stagefright framework, the mediaserver process, the Android APK install process, the installd daemon, dex2oat, ART. A number of topics will be covered, starting with the actual fuzzing process with the data/seed generation processes and test case execution, the logging and triage mechanisms, addressing challenges such as bug reproducibility, sorting out unique issues and prioritizing issues based on their severity. The second part of the paper will take the discussion towards explaining the creation of several tools that have been developed using this methodology. The actual implementation of the tools will be discussed with focus on the technical details, as well as the issues discovered, CVE entries released and possible exploitable patterns. Brief introduction to fuzzing This section of the paper describes what fuzz testing is and offers a very brief insight on how fuzzing works. Fuzzing can be considered, and it is often described as being a black-box software testing technique. At a very general level, a definition of fuzzing can be summed up as being the process of sending random or invalid data