/tags/android/Recent content in Android on THALIUMHugoen-usCopyright (c) 2026, all rights reserved.Tue, 20 Jun 2023 00:00:00 +0000/posts/leveraging-android-permissions/Tue, 20 Jun 2023 00:00:00 +0000/posts/leveraging-android-permissions/<p>The Android permission management system has already suffered from several vulnerabilities in the past. Such weaknesses can grant dangerous permissions to a malevolent application, an example being <code>CALL_LOG</code>, which gives access to all incoming and outgoing calls.</p> <p>This post dives into the Android permission system and how a solver was leveraged to find new vulnerabilities. With this approach, a privilege escalation was identified, which was fixed and assigned CVE-2023-20947 by Google.</p>/posts/fuzzing-samsung-system-services/Thu, 20 Apr 2023 00:00:00 +0000/posts/fuzzing-samsung-system-services/Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed-source system services powering these modifications, discovering <code>CVE-2022-39907</code> and <code>CVE-2022-39908</code> along the way./posts/pivoting_to_the_secure_world/Fri, 24 Mar 2023 13:37:00 +0000/posts/pivoting_to_the_secure_world/<ol> <li>Discovery of two vulnerabilities in secure world components</li> <li>Exploitation to get code execution in a trusted driver, while not having a debugger for this obscure environment</li> <li>Leverage of aarch32 T32 instruction set to find nice stack pivots</li> <li>Turning an arbitrary write into an arbitrary code execution</li> </ol>