Over the past five years, the security model of modern Android devices (particularly Marshmallow and newer) has continued to grow and mature, largely due to key security controls implemented by Google. One such security feature is the SELinux port for Android, “SEAndroid”. SEAndroid has drastically influenced the process used for exploiting Android devices and has forced attackers to develop a methodology resembling a Rube Goldberg machine. This often requires mapping out SEAndroid contexts and abusing trust relationships in order to achieve privileged code execution. In this talk, I will discuss my encounters with SEAndroid, demonstrate how SEAndroid mitigates previously popular exploitation techniques, and discuss modern methods that can be used to compromise Android devices.
Jake Valletta is a Manager, researcher, and instructor on Mandiant’s Global Services and Intelligence team based in San Francisco, CA. Jake has over six years of experience in Information Security and his areas of expertise include mobile security, red teaming, penetration testing, and incident response. He regularly helps Fortune 100 and Fortune 500 companies protect their assets and defend against advanced attacks. He speaks frequently at industry-recognized conferences on mobile security topics and has reported and published articles on exploiting Android devices. Jake also develops, maintains, and delivers Mandiant’s network forensics and security training to commercial and federal customers. In his free time, he maintains a website and blog dedicated to mobile security and research called “The Cobra Den.”