• Goa 2020

En He & Wenbo Chen & Junyang Bai

Talk Title:

Android App Bug hunting with Taint Analysis

Abstract:

As Android security researchers, we have done a lot of manual bug hunting on both OPPO apps and other popular apps in Google Play, and have gained rich knowledge of Android app vulnerability patterns, including embedded intents, WebView intent redirection, dynamic broadcast receiver abuse, and so on. But Android app security is still a major concern for big mobile phone vendors like OPPO. Usually, there are tens of apps on a mobile phone. It's a big challenge to find vulnerabilities quickly and precisely across numerous apps. Therefore, we chose taint analysis as our weapon, which can accurately locate the problems.

We'll present details of every vulnerability in real-world popular apps, such as those in Google Play or in Android AOSP code, and how we simulate these vulnerability models precisely through taint analysis.

Bios:

En He

En He (a.k.a. heeeeen) is a security expert in OPPO ZIWU Lab, a security research team in charge of defending the information security of OPPO's Internet business. He is a security researcher with more than a decade of working experience in the field of information security. He has been working in the cross-disciplinary area of communication, network and information security. He now mainly focuses on Android app and system security. He got acknowledgments from Google for some interesting vulnerabilities in Android Bluetooth, Telephony and Socket in Android AOSP code. He is also a top hacker on HackerOne, finding many bugs in popular Google Play apps such as VK, Airbnb and MailRu. He is also a speaker at CNCERT 2016 and POC 2018.

Wenbo Chen

Wenbo Chen (a.k.a. Bill Chen) is a security expert in OPPO ZIWU Lab. He got acknowledgments from Google for finding vulnerabilities in the Google Arts & Culture app. He is well versed in Android app reversing, taint analysis and vulnerability hunting.

Junyang Bai

Junyang Bai received a Ph.D. degree in 2018 from Central South University, China, and currently works at OPPO ZIWU Cyber Security Lab. Skilled in software analysis and security testing, including Java/JavaScript application analysis, data flow analysis and fuzzing.

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved