Defeating SEAndroid – DEFCON 21 Presentation
viaForensics Sr. Mobile Security Engineer Pau Oliva (@pof) took the stage at DEFCON 21 this year to present “Defeating Security Enhancements (SE) for Android.” NOTE: We have posted videos and links to the PoC code for two of Pau’s demos in a separate blog. From his abstract:
Security Enhancements for Android (SEAndroid) enables the use of SELinux in Android in order to limit the damage that can be done by malicious apps, trying to make exploitation harder. Some OEMs are trying hard to implement extra mitigations in their devices, especially those aiming to reach the enterprise market. We will present some issues that are found in devices currently implementing SEAndroid, and demonstrate how vendors FAIL in properly implementing SEAndroid protection.