Privacy Detective: Sniffing Out Your Data Leaks for Android
Вставка
- Опубліковано 16 вер 2024
- Privacy data protection has become a major concern within regions, such as Europe, where GDPR is implemented. To discover the potentially privacy-infringing behaviors, manufacturers must test applications for compliance before release.
In practice, presented tools often dump TCP files, and novices cannot easily use methods of data detection. To solve these problems, we will hook system-level functions used for and by TCP, OpenSSL, and cipher methods to obtain network traffic and encrypted data. This way we can decrypt TLS traffic and automatically detect privacy data transmission behaviors, to tell if the data has been double encrypted.
In this session, we will share our research findings on hook points, TCP-TLS traffic decryption, and HTTP/2 header decoding. Moreover, prospects of how to improve the tool for automated analysis will be discussed
By:
Zhengyang Zhou | Security Engineer, OPPO
Yiman He | Security Engineer, OPPO
Ning Wang | Cybersecurity researcher, Huazhong University of Science and Technology
Xianlin Wu | Senior Security Researcher, OPPO
Feifei Chen | Senior Security Engineer, OPPO
Full Abstract & Presentation Materials:
www.blackhat.c...
