When in doubt, go for the core. This statement is true for most Star Wars films. It is also valid for any kind of security research. Modern software has tons of dependencies, metric or otherwise. In addition, most platforms provide a set of basic components accessible by API. The wheel has been invented already. So if you look for weaknesses, addressing these fundamentals is a good idea. Why start at the outer shell when you can go directly to the foundation of the walls? Siege warfare used to be like that. Alexandru Blanda will explain what happens when you combine the technique of fuzzing with accessible interfaces in his presentation at DeepSec 2016.
System services represent one of the core components in Android, implementing many fundamental Android features such as media playback, graphics or network connectivity. The fact that the large majority of system services expose a remote interface that can be called by other unprivileged applications or services makes them an excellent attack vector. From a system security perspective this makes even more sense, since most of the components and processes executed behind each system service run with high or increased privileges. During the presentation the audience will learn about a fuzzing approach that can be used for testing system services in Android. In-depth information will be provided about the implementation of the tools developed to accomplish this task, along with examples of actual vulnerabilities that were discovered in the latest versions of Android.
This talk is not only for penetration testers. Software developers are encouraged to attend as well. Security professionals should take a look, too. The method is not tied to the Android system. You can extend/transfer the approach discussed by Alexandru to any other system. Most have system services exposed to user space software. What else do you need?
Alexandru Blanda is a software security engineer, part of the Open Source Technology Center at Intel Corporation. He is currently working on projects related to the overall security of the Android OS, mainly focusing on methods to improve the efficiency of fuzzing techniques inside this environment and discovering ways to uncover vulnerabilities inside different components of the operating system.