Alert icon
We're changing our privacy policy. This stuff matters.  Learn more  Dismiss

Permission Re-delegation Hack on Android

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
135 views
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Sep 18, 2011

This demos a permission-redelegation attack that leverages a vulnerability in the Settings app in Android 2.2. (The bug has been patched.)

A permission re-delegation attack is a way for a malicious app to circumvent a permission system, like the permission systems used by Android or HTML5. These permission systems are built so that an app should only be able to make an API call if the user has granted it a permission. However, in a permission re-delegation attack, a malicious application with no permissions asks a vulnerable trusted application to do the restricted task.

For more examples of this type of attack, check out the paper or slides:

http://www.cs.berkeley.edu/~afelt/felt_usenixsec2011.pdf
http://www.cs.berkeley.edu/~afelt/felt-usenixtalk.pptx

Category:

Science & Technology

Tags:

License:

Standard YouTube License

  • likes, 0 dislikes

Link to this comment:

Share to:
see all

All Comments (0)

Sign In or Sign Up now to post a comment!
Loading...

Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more