Vulnerabilities in the Android driver environment
Vulnerabilities in the Android driver environment
With a market share of over 80%, Android has become an industry standard not only for mobile devices. Mostly Android is seen as an open-source project where everybody can contribute and review the code. However, in practice, a lot
of the Android kernel and kernel-environments code gets heavily customized by manufacturers, carriers, and vendors, which can be hard to access for review. Such customizations can pose a threat to the overall device security. Especially
drivers are affected by this customization process and can cause serious vulnerabilities. This paper will show different perspectives on the Android device development process, focusing on device drivers, how security research approaches drivers, and how attackers might exploit them.
I wrote this paper as part of my lectures about mobile application security. It was the first time i touchet hardware related problems in IT-Security. Today most if this stuff would be related to Supply Chain Management and HBOM.
I only wrote this paper but never published it anywhere. Still for mmy that was eye opening and i'd like to share it so people know where i come from regarding this issues.