Séminaire SoSySec : DroidGuard: A Deep Dive into SafetyNet

Seminar
Starting on
Ending on
Location
IRISA Rennes
Room
Salle Pétri/Turing
Speaker
Romain THOMAS (Quarkslab)

SoSySec seminar Software and Systems Security
Inria - Rennes
Friday January 06, 11:00
Remotely via BBB: https://bbb.inria.fr/all-t0p-qjq-9em 
Access code: 192737

-------------------------------------------------------
Romain Thomas (Quarkslab)
-------------------------------------------------------
======================================================================
DroidGuard: A Deep Dive into SafetyNet
======================================================================

SafetyNet is the Android component developed by Google to verify the devices’ integrity. These checks are used by the developers to prevent running applications on devices that would not meet security requirements but it is also used by Google to prevent bots, fraud and abuse.

In 2017, Collin Mulliner & John Kozyrakis made one of the first public presentations about SafetyNet and a glimpse into the internal mechanisms. Since then, the Google anti-abuse team improved the strength of the solution which moved most of the original Java layer of SafetyNet, into a native module called DroidGuard. This module implements a custom virtual machine that runs a proprietary bytecode provided by Google to perform the devices’ integrity checks.

The purpose of this talk is to make a state-of-the-art of the current implementation of SafetyNet. In particular, we aim at presenting the internal mechanisms behind SafetyNet and the DroidGuard module. This includes an overview of the VM design, its internal mechanisms, and we will introduce the security checks performed by SafetyNet to detect Magisk, emulators, rooted devices, and even Pegasus.

 

 

To follow the presentation remotely, please connect to the followingURL with a modern web browser:
- URL: https://bbb.inria.fr/all-t0p-qjq-9em 
Access code: 192737
- Alternative audio access by phone will be possible but the parameters will be announced only a few minutes before the presentation.

Seminar taking place in person with mandatory registration at least 48h beforehand for *all* in-person participants by email to Nadia Derouault < nadia [*] derouaultatinria [*] fr >. Participants non-affiliated with Inria or IRISA will be asked to present an ID at the reception desk of the IRISA building.

To receive the SoSySec announcements, please subscribe to the SoSySec mailing list:
https://sympa.inria.fr/sympa/subscribe/sosysec 
All past and future SoSySec talks are listed at
https://seminaires-dga.inria.fr/en/seances-a-venir/ 
----------------------------------------------------------------------

Séminaire en présentiel ouvert à tous et toutes mais avec inscription obligatoire au moins 48h à l'avance pour *tous* les participants en présentiel auprès de Nadia Derouault <nadia [*] derouaultatinria [*] fr>.
Les participants externes devront se présenter à l'accueil avec une pièce d'identité.

Vous pouvez vous abonner à nos annonces de séminaires :
https://sympa.inria.fr/sympa/subscribe/sosysec
et consulter la liste des exposés passés et à venir :
https://seminaires-dga.inria.fr/seances-a-venir/