Simple is Best: The journey of taking over mobile system using a GPU logical bug

Shang Hongze | TBC

Abstract

This talk will introduce my research on Android GPU components over the past year. I will also introduce a vulnerability I found in the past and how I achieved local privilege escalation in a simple and stable way.

The GPU component is the most vulnerable part of the Android security ecosystem. Its code logic is complex, and any app can access it directly, which greatly facilitates local privilege escalation. In the past few years of in-the-wild attacks, a large number of GPU vulnerability exploits have been exposed. These exploits appear to be more stable than traditional memory corruption exploits and can even bypass the security defense mechanisms of the entire system. This talk introduces my journey in mobile security research over the past year and shows a GPU logic vulnerability I found and eventually used to complete privilege escalation. Finally, I will also share my vulnerability hunting experience and what I consider a reasonable security architecture design.

The Speaker(s)

Shang Hongze

A senior security researcher from Dawn Security Lab. My past research covers Android security, virtualization, IoT security, etc. In addition, I do some work on mobile security development and have developed some VMP tools to protect the code of mobile apps and resist reverse engineering. I also played in CTF competitions before, as the captain of the sixstars team in 2018-2019, and won the DEFCON CTF championship in 2020 as a member of the A*0*E team.