Kirill Leyfer

Mobile threats analyst, Dr.Web

About speaker

I specialize in analyzing mobile threats. I am fond of studying the Android Open Source Project. I graduated from Omsk State University with a degree in computer security. Currently, I am a postgraduate student at ITMO University.

June 17
18:00 — 19:00
First Track
Recently disclosed EvilParcel vulnerabilities (CVE-2017-13287 and others) detected in the Android OS allow performing arbitrary actions in context of the privileged system_server process.

The speaker gives a description of a new trojan Android.InfectionAds.1 that exploits the EvilParcel and Janus vulnerabilities. They allow the trojan to install and remove applications from Android devices without users’ confirmation, change the application code while retaining its signature, and perform other malicious actions. The speaker examines in detail the EvilParcel class of vulnerabilities, explains how they are exploited by Android.InfectionAds.1, and discusses whether the protection against EvilParcel in AOSP updates can be considered reliable.