
Abstract


Qidan He (a.k.a. Flanker) is a security researcher focusing on mobile security at KeenLab of Tencent (formerly known as Keen Team). His major experience includes vulnerability hunting and exploitation on *nix platforms. He is frequently credited in various security bulletins and advisories, most of them for Android and Apple products. He is the winner of the Pwn2Own 2016 OS X category and a member of the Master of Pwn champion team. He has spoken at conferences such as BlackHat, REcon, CanSecWest, DEFCON, HITCON and QCON.

Liang Chen is a senior security researcher at KeenLab of Tencent (formerly known as Keen Team). Liang has strong research experience in software vulnerability exploitation and vulnerability discovery. In recent years, Liang's major research area has been browser exploitation, including Safari, Chrome, Internet Explorer, etc., on both PC and mobile platforms. Liang also researches sandbox escape technology on various platforms. Liang led Tencent Security Team Sniper to win "Master of Pwn" at Pwn2Own 2016. Liang is also the winner of the iPhone Safari category in Mobile Pwn2Own 2013 and the Mavericks Safari category in Pwn2Own 2014. Liang has spoken at several security conferences, including XCON 2013, BlackHat Europe 2014, CanSecWest 2015/2016, POC 2015, etc.

[Abstract]
==========
As the security of mobile devices has drawn more and more attention from underground attackers and the innocent public alike, both vendors and security researchers rush to fuzz and audit closed-source and open-source components to eliminate security vulnerabilities. However, hidden corners still exist due to the nature of the operating system, and these introduce a vulnerability pattern that has been overlooked before.

In this talk we will focus on a complete exploit chain consisting of brand new bugs found by this pattern, starting from compromising the browser renderer, through escaping the sandbox, to fresh kernel bugs that can be used to elevate privilege from a constrained domain. The talk will conclude with remote exploitation demos on up-to-date major mobile devices.

Slides