Attacking Android Binder


At OffensiveCon 2024, the Android Red Team gave a presentation (slides) on finding and exploiting CVE-2023-20938, a use-after-free vulnerability in the Android Binder device driver. This post will provide technical details about this vulnerability and how our team used it to achieve root privilege from an untrusted app on a fully up-to-date (at the time of exploitation) Android device. This vulnerability affected all Android devices using GKI kernel versions 5.4 and 5.10. This vulnerability is fixed and the patches were released as part of the Android Security Bulletin–February 2023 and July 2023 (more details in the remediation section of the blog).

To give a sense of the driver's complexity, we counted three different types of concurrency synchronization primitives (5 locks, 6 reference counters, and a few atomic variables) all being used in the same 6.5k line file implementing the driver. Special thanks to Carlos Llamas, Jann Horn, Seth Jenkins, Octavian Purdila, Xingyu Jin, and Farzan Karimi for their support with technical questions and for reviewing this post.
