Brutkey

Mathias Payer
@gannimo@infosec.exchange

🚂 Murder on the JNI Express 🚂

Hercule Poirot solved murders.
Droidot solves... memory corruption.

On the Android Express, every app is a suspect and their outdated native C/C++ libraries are hiding skeletons in the .so closet.

We investigated 3,967 of the most popular apps, following every JNI call like a trail of footprints in the snow.

Our case file:
🕵️‍♂️ 4,282 crashes
🔓 34 confirmed vulnerabilities
📜 3 CVEs

The culprit?
Buggy libraries traveling incognito between apps.

Interested? Check out https://nebelwelt.net/blog/2025/0813-droidot.html or meet us this week at #usenixsecurity!

Mathias Payer
@gannimo@infosec.exchange

🚨 Android Hackers, Meet Your New Playground 🚨

Kernel bugs getting too hard to find?
Rust eating your memory corruption buffet?
We went hunting elsewhere... and found that proprietary system services hide juicy attack surfaces.

Enter NASS 💦💦💦
🔍 Recovers hidden Binder interfaces
🤖 Auto-builds on-device fuzzing harnesses
💥 Already found 12 vulns & 5 CVEs

📂 Open-source.
⚡ Ready for your device.
💣 Just waiting for you to fuzz it.

Interested? Check out https://nebelwelt.net/blog/2025/0813-nass.html or meet us this week at #usenixsecurity!

Mathias Payer
@gannimo@infosec.exchange

On my way to Seattle for @usenixassociation@infosec.exchange security. Looking forward to catch up with all of you folks to chat about security, systems, fuzzing, mobile systems, and confidential computing.
Also, if you brought your running shoes, let me know!