#NullconBerlin2025 скачать в хорошем качестве

#NullconBerlin2025

Presentation: https://berlin2025.nullcon.net/berlin... Speaker: Dimitrios Valsamaras Talk Title: My Other ClassLoader is Your ClassLoader Reloaded: Reviving Evil Parcelable Objects The class loader is a fundamental component of the Java Virtual Machine, responsible for dynamically loading classes into an application's memory during runtime. The functionality of class loaders is outlined by the abstract ClassLoader class, with the PathClassLoader and DexClassLoader being some common implementations in the Android OS. In the context of data transfer and object management, dynamic class loading becomes particularly relevant when dealing with Serializable and Parcelable objects, as the ClassLoader implementation plays a crucial role in reconstructing them. However, while the Android security model enforces isolation among running processes, nothing prevents an application from creating and maliciously using objects of another app. In fact, the practice of storing application resources and their code in world-readable directories eases this process, since it allows any app to "borrow" the context of another and create class loader instances that can be used to construct Java objects with potentially unsafe content. Additionally, we introduce a new technique whereby Parcelable objects can be intercepted, stored as files, modified, and subsequently reused. This approach significantly reduces the complexity involved in crafting malicious Parcelable instances, allowing attackers to manipulate serialized objects directly. Android developers often overlook this contingency, placing undue trust in Java objects received from untrusted sources. In a typical scenario, an application handles such objects without proper caution regarding their encapsulated data. Depending on the use of this data, such an oversight can lead to unpredictable behavior and, under some circumstances, serious security implications. In this study, we demonstrate techniques and explore how third-party applications, without requiring any permission, can leverage the outlined behavior to craft, modify, and dispatch Parcelable Java objects with malicious content to other applications. We further illustrate, using practical examples, the severe security implications that this may have, underscoring the necessity for more vigilant and comprehensive security practices in Android application development. ----------------- Follow Nullcon on Facebook:   / nullcon   X:   / nullcon   LinkedIn:   / posts   Website: https://nullcon.net/