ELC 2015 – Fuzzing the Media Framework in Android – Alexandru Blanda, Intel
This presentation focuses on exposing a software testing tool developed with the purpose of fuzzing the media framework in the Android OS. Approaching this topic is of particular importance given the fact that currently there is little prior work done that concerns the issue of fuzzing media content in the context of the Android OS. The main idea behind developing this fuzzing tool is to create corrupt but structurally valid media files, direct them to the appropriate components in Android to be decoded and monitor the system for potential security vulnerabilities. The main parts of the talk include: an introduction to fuzzing and the reasons that make media content an attractive target, an insight on the implementation of the tool and the testing campaign and a series of results obtained using this approach, including a number of CVE entries that were discovered during this process.
Software Security QA Engineer, Intel
Alexandru Blanda is a software security QA engineer as part of the Open Source Technology Center at Intel. He is currently involved in working on projects related to the overall security of the Android OS, mainly focusing on methods to improve the efficiency of fuzzing techniques inside this environment and discovering ways to uncover vulnerabilities inside different components of the operating system.