Black Hat USA 2025 | Breaking Chains: Hacking Android Key Attestation
Author: Black Hat
Uploaded: 2026-03-02
Views: 1855
Description:
Android key attestation provides a way for a device's secure hardware to verify that cryptographic material is in secure hardware, protected against compromise of the Android OS. If you've ever encountered a password-less authentication flow (e.g., WebAuthn) in a banking app on your Android device, you have most likely utilized this feature. However, the entry point for this research involved the investigation of an implementation to combat bot fraud/abuse.
This presentation will take attendees on a deep dive into the Android Keystore, Android key attestation, and a litany of PKI vulnerabilities we discovered in an Android key attestation implementation, which includes the discovery of a systemic issue in Google's open source library for parsing Android key attestation X.509 certificate chains.
As part of this talk, we will cover how we discovered/exploited these vulnerabilities to circumvent our target's bot protections and present tooling to enable researchers to test their own Android key attestation implementations. To beat the bots, you have to be the bots!
By:
Alex Gonzalez | Senior Red Team Engineer, Amazon
Presentation Materials Available at:
https://blackhat.com/us-25/briefings/...