Attacking Debug Modules In The Android Ecosystem

Debug modules are important parts in the Android Ecosystem. They can capture logs and exceptions for all levels and support vendor specific verification of functions. When exceptions occur in the system, the debug modules can help to discover problems and improve product quality. However, due to the fragmentation of the Android Ecosystem, vendors customize their own debug features to adapt to hardware-related functional verification or factory testing. Therefore, vendors design specific debug modules to obtain logs, manage exceptions and factory testing.

Since the debug modules need to obtain information at all levels of the system and expose them to users for operation verification. The security risks are introduced such as local privilege escalation and information leakage. In some scenarios, attackers can use the debug modules to obtain sensitive information, bypass permission control to execute privileged instructions. Based on the attack surfaces, we found dozens of security issues in 3 vendors and obtained 49 CVEs' credits.

In this session, we first introduce the native debug architecture of Android. Then we take two vendors' debug architectures as examples to introduce vendor specific debug modules. Secondly, we build a threat model for the debug modules and analyze the attack surfaces. Finally, the interesting cases discovered are introduced, and security suggestions are proposed.

By:
Lewei Qu | Chief Information Security Officer, Mogo Auto Intelligence and Telemetics Information Technology

Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-24/brie...