通过鲜为人知的远程攻击面远程、一键式突破智能手机.pdf

1、#BHUSA BlackHatEventsRemote,OneRemote,One-Click,Breaking through Click,Breaking through Smartphones via a Smartphones via a Non WellNon Well-KnownKnownRemote Attack SurfaceRemote Attack SurfaceSpeaker:Qinrun Dai Contributor：Fan Yang Haikuo Xie#BHUSA BlackHatEventsAbout UsHaikuo Xie(Thankkong)Securit

2、y researcher Singular Security LabCommunication protocol security(IM,Wi-Fi,Bluetooth.)Vehicle securitySpeaker at Black Hat ASIA 2020,USA 2021 and ASIA 2022,Mosec 2023Qinrun Dai(Second2st)CS PhD student University of Colorado,BoulderWindows Security/Exploitation DevelopmentFan Yang(Fantasyoung_)Secur

3、ity researcher Singular Security LabProtocol and system security(IM,Bluetooth,Android)Vehicle securityWeb security&PentestSpeaker at Black Hat Asia 2022#BHUSA BlackHatEventsAgendaRemote attack surface of video callingSecVideoEngineServiceWhat is SecVideoEngineServiceWhy we research SecVideoEngineSer

4、viceVulnerabilitiesExploitationPC controlRemote information leakageGetting remote shell Demonstration of one-click RCE exploitation#BHUSA BlackHatEventsJust making a phone call,your phone is under my control#BHUSA BlackHatEventsRemote attack surface of video callProject Zero:A deep dive into an NSO

5、zero-click iMessage exploit:Remote CodeFORCEDENTRY:Sandbox Escape()Exploiting Android Messengers with WebRTC:Part 1()Critical WhatsApp Bugs Could Have Let Attackers Hack Devices RemotelyWhatsApp voice calls used to inject Israeli spyware on phones#BHUSA BlackHatEventsRemote attack surface of video c

6、allCarrier Based video calling IMS Service(Android Service)Carrier-provided IMS implementationSecVideoEngineServiceIms_rtp_daemonVtservice#BHUSA BlackHatEventsSecVideoEngineService#BHUSA BlackHatEventsWhat is SecVideoEngineServiceSecVideoEngineService is a crucial system app integrated into Samsung