Conference talks on Alena Skliarova /talks/ Recent content in Conference talks on Alena Skliarova Hugo -- 0.154.3 en-us Fri, 21 Nov 2025 00:00:00 +0000 Protecting Android Application Resources with Runtime Resource Overlay /talks/mobius-2025-autumn/ Wed, 19 Nov 2025 00:00:00 +0000 /talks/mobius-2025-autumn/ <p>In this talk, I explore Runtime Resource Overlay (RRO), an often overlooked yet powerful mechanism in the Android operating system that allows applications to dynamically modify their own resources — as well as those of other apps — at runtime without recompilation. I analyze the significant potential RRO holds for safeguarding application resources, such as storing data in an encrypted form and decrypting it on the fly. This dynamic resource substitution drastically complicates reverse engineering efforts, making mobile apps far more resilient to analysis.</p> Pwned on the Road: How Car-UI-Lib Vulnerability Put Android Automotive Users at Risk /talks/tengucon-2025/ Fri, 21 Nov 2025 00:00:00 +0000 /talks/tengucon-2025/ <p>Your in-car screen is meant to show the truth — but what if it doesn’t?</p> <p>This talk explores a vulnerability in car-ui-lib that affects Android Automotive system apps, specifically impacting users with rotary controllers. The vulnerability allows attackers to manipulate content on the car’s infotainment system.</p> A Life-Threatening Bug: A Vulnerability in Android OS That Cuts Off Users in Critical Situations /talks/offzone-2025/ Thu, 21 Aug 2025 00:00:00 +0000 /talks/offzone-2025/ <p>This talk analyzes weaknesses in the Android permission model and uncovers flaws in the global restriction policy that can disrupt vital system features like emergency calls. It dives deep under the hood of the operating system to demonstrate this vulnerability in action.</p> Resource Overlay Attacks on Android Applications /talks/phtalks-2025-jakarta/ Wed, 23 Jul 2025 00:00:00 +0000 /talks/phtalks-2025-jakarta/ <p>This talk explores how attackers exploit the Android Runtime Resource Overlay (RRO) mechanism to dynamically alter application resources. By overriding resources at runtime, malicious actors can change an app&rsquo;s appearance and behavior on the fly, manipulating the user experience to trick users into unintended actions.</p> <p>The session also analyzes the specific security risks for app developers and highlights effective mitigation strategies to defend against these attacks.</p> From idea to CVE: How to Find Vulnerabilities in Android /talks/mobius-2025-spring/ Thu, 10 Apr 2025 00:00:00 +0000 /talks/mobius-2025-spring/ <p>In this talk, I break down how to discover security vulnerabilities in the Android operating system and provide practical recommendations on where to start, how to choose a target, and which methods and tools to use. I share key insights into what to focus on during the research process and cover the essential components required to craft a high-quality technical report.</p> <p>Additionally, I walk through the entire lifecycle of a vulnerability — from its initial discovery to CVE assignment and final publication in the Android Security Bulletin. I also share the technical details of several patched vulnerabilities that I personally uncovered in Android OS, making this session ideal for anyone interested in Android security and looking to dive into mobile bug hunting.</p> My Journey in Google Bug Bounty /talks/tengucon-2024/ Wed, 13 Nov 2024 00:00:00 +0000 /talks/tengucon-2024/ <p>This talk offers a candid reflection on a personal bug bounty journey, recapping both successful high-severity reports and instructive failures. It analyzes common mistakes made by bug hunters and provides a firsthand look into how the Android Vulnerability Reward Program works.</p>