TyphoonCon

Be cautious! Your conversations might be secretly recorded

Talk overview:

Android app developers have consistently improved their stock Android apps, introducing newer designs and more features to help you start faster and more conveniently. Samsung's voice recorder app is stock or pre-installed on over 1000 million devices, and it has recently introduced a lock screen widget, which means that you can start recording voice in the background directly from the lock screen for faster and easier access. This feature contains a vulnerability that allows any local app on the device (including third-party apps), a browser, or an NFC tag to start voice recording in the background with no microphone permission, even if the phone is in a locked state. As a result, an attacker could have recorded your private conversation without you realising it.

Android is a privilege-separated operating system, in which each app runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Linux thereby isolates apps from each other and from the system. Apps can define custom permissions, and these are often used to protect application components, such as Activities, Services, Content Providers, and Broadcast Receivers, from third-party applications installed on the device.

In Samsung voice recorder, the absence of a custom permission on the exported BroadcastReceiver and Activities responsible for handling the intent action made it possible to start the Service and invoke voice recording in the background even if the phone is in a locked state, and it was possible to trick the target app into saving the recording using an exported activity and to get the recording back to the server. This vulnerability was assigned CVE-2022-28789. Since the broadcast receiver was starting a microphone-type service, this could have helped an attacker to start headless recording without the victim being aware of the attack.

The attack surface is vast (i.e., an attack could be triggered by any pre-installed or third-party app, NFC tag, browser, etc.). In this talk, we will look at the best approach to analysing this vulnerability and developing multiple attack surfaces, including app-links.
