Maddie Stone

Bad Binder: Finding an Android In The Wild 0day


What do you do when you see marketing materials for an Android 0-day exploit? You hunt for it, even if you have no sample and just have a few tips to go on. This talk will cover the process of finding that 0-day (which turned out to be a 677-day), details about the bug, and writing an exploit for it. CVE-2019-2215 is a kernel local privilege escalation that affected a wide-range of Android devices like Google Pixels, Samsung, Huawei, and more. I will also cover the evidence we received and why we reported under a 7-day deadline as well as thought of what we can learn from in the wild 0-days and how to use that information.


Maddie Stone is a Security Researcher on Google Project Zero where she focuses on in-the-wild 0days. Previously, she was a reverse engineer on the Android Security team. She has spent many years deep in the circuitry and firmware of embedded devices including 8051, ARM, C166, MIPS, PowerPC, BlackFin, the many flavors of Renesas, and more. Maddie has previously spoken at conferences including Blackhat USA, REcon, OffensiveCon, KasperskySAS, and more.