Ultrawide archaeology on Android native libraries (38c3)

Chaos Computer Club - recent events feed (low quality)

内容由CCC media team提供。所有播客内容（包括剧集、图形和播客描述）均由 CCC media team 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品，您可以按照此处概述的流程进行操作https://zh.player.fm/legal。

1M ago 39:29

MP4•单集首页

A bug in a scraper script led to us downloading every single native library in every single Android app ever published in any market (~8 million apps). Instead of deleting this massive dataset and starting again, we foolishly decided to run some binary similarity algos to check if libraries and outdated and still vulnerable to old CVEs. No one told us we were opening Pandora's box. A tragic story of scraping, IP-banning circumvention, love/hate relationships with machine learning, binary similarity party tricks, and an infinite sea of vulnerabilities. A rumor has been going around: Android developers are slow to update native dependencies, leaving vulnerabilities unpatched. In this talk we will show how *wrong* this rumor is: Android developers are not slow to patch - they never heard of the word patching. We conduct a massive study over the every single app ever published on Android (more than 8 million!). We explore trendy topics like Play Store scraping, Androzoo scraping, Maven repository scraping, the state of the Android ecosystem, binary similarity state-of-the-art methods vs binary similarity pre-historic methods, and the consequences of thinking you know how databases work when you actually don't. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/ultrawide-archaeology-on-android-native-libraries/

1543集单集

#Technologie #CCC media team #Ccc Congress Hacking Security Netzpolitik #Video