
Linux Kernel pktcdvd Memory Disclosure

A vulnerability in the pktcdvd driver in the Linux kernel allows for the disclosure of 4 bytes of kernel memory.  In this post, I'll describe the tad bit of magic that's necessary to exploit the vulnerability on both 32-bit and 64-bit hosts to disclose an arbitrary amount of ...


Linux Kernel CAN SLUB Overflow

Ben Hawkes discovered a vulnerability in the Controller Area Network (CAN) packet family in the Linux kernel that results in a controllable overflow of a SLUB-allocated structure. As there aren't a whole lot of modern, public examples of SLUB overflow exploits, I'll describe my exploit of the CAN ...


Dexcode Teardown of the Android SMS Trojan

I got my hands on a copy of the recent Android SMS trojan that commits toll fraud via SMS messages to premium Russian shortcodes.  What follows is a brief teardown of the APK, a disassembly of the trojan's dexcode, and a description of its malicious functionality.  It's incredibly simple ...


A Peek Inside the GTalkService Connection

This post aims to peek inside the Android GTalkService connection and observe its protocol.  In particular, we're interested in the INSTALL_ASSET message and whether or not it is protected by any additional cryptographic signatures beyond the intended guarantees provided by the SSL transport.

A Brief Introduction to the GTalkService ...


Remote Kill and Install on Google Android

In this post, I'll talk about the REMOVE_ASSET and INSTALL_ASSET mechanisms that can be invoked by Google via Android's GTalkService to not only remotely remove applications from an Android device but also remotely install new applications.

RootStrap Background

So if you didn't check out my slides from ...

Copyright © 2015 - Jon Oberheide <jon at oberheide dot org>.