Race conditions constitute a major vulnerability class affecting all types of concurrent software, and the Android kernel is no exception. In this presentation, after summarizing existing work, we will present 4 novel userland techniques for forcing the Android kernel to block, thus allowing an attacker to win race conditions more easily. The presented techniques can be used from the `untrusted_app` SELinux context as well as from the `system_server` context, from which attackers usually launch further attacks (e.g. kernel LPEs). During the presentation, we will perform a deep technical review of Android internals and give live demonstrations of all the developed techniques. We will conclude with future work directions and open questions.
Chariton is an Android security researcher at CENSUS and a PhD candidate at the Electrical Engineering department of the Aristotle University of Thessaloniki. When not scrolling through cat memes, Chariton does math, reverse engineering and exploit development.