
Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!


Kernel Sanders: Bypassing Android Security Mechanisms Using a Custom Kernel

SungHyoun Song


Most Android hackers research application vulnerabilities using rooting tools (SuperSU, MagiskSU) and hooking frameworks (FRIDA, Xposed Framework, etc.).

However, rooting tools and hooking frameworks are detected and blocked by the security mechanisms of the Android OS and of applications. Hackers therefore have to circumvent the security mechanisms applied to the Android OS and applications, and analyzing and bypassing them can take a lot of time. This is a continuous cat-and-mouse game.

In this presentation, we analyze the security mechanisms applied to the Android OS and applications in detail at the code level. We will show how, by creating a new Android kernel, we can create an undetected privilege escalation backdoor that allows us to dynamically intercept and manipulate the execution environment and bypass all security mechanisms.


SungHyoun Song is a manager at FSI (Financial Security Institute), in charge of mobile security for the financial industry in Korea. He has 10 years of experience in mobile security, penetration testing, malware analysis and authentication mechanisms. He has also participated in various international security conferences such as ITU-T, HITCON and JWCAA.

He has developed a user- and kernel-level hooking framework that can dynamically analyze the behavior of an application in the Android environment. Using this framework, he has studied the malware techniques and security solutions applied to Android applications for many years. Recently he has been analyzing the platform and kernel source code of Android.

2012~2013) He was co-editor and speaker for ITU-T X.1156 in Switzerland

- (subject) "Non-repudiation framework based on a one time password"
- (info) http://www.itu.int/ITU-T/workprog/wp_item.aspx?isn=9416

2013) He was a speaker at JWCAA (Joint Workshop on Cryptographic Algorithm and its Application) in Korea

- (subject) "Security of Korean Banking"

2017) He was a speaker at HITCON in Taiwan

- (subject) "A hidden agent of fingerprint authentication in Android"
- (info) https://hitcon.org/2017/CMT/agenda