Prakhar Agrawal
Venue Details
KD 101

Abstract: A large number of applications exist for the Android Platform, and new applications are being developed each day. However, we know that more the number of apps we have, more are the vulnerabilities and bugs to exploit. Applications that are not developed properly may contain security vulnerabilities which can leak users' data, and undermine privacy and security. Sometimes these types of bugs appear in the Android OS itself. Android security is therefore a major area of focus. To prevent the attacks, the developers keep sending new patches for the devices, but in general, users are not aware of these patches and don't update their software. Sometimes the patches are only developed for new devices/OS versions, but a lot of users are still using older OS versions, and therefore vulnerability still exists.

In this UGP, we have developed an attack which aims to exploit Media Projection vulnerability. This attack enables us to take screenshots and record screen video without user permission. This vulnerability is patched in Android 8 (Oreo), but still present in the older versions, and currently most of the users are operating on Android 7 and below.