Starting from the vulnerability of the Android kernel, Wei systematically explained how security issues in the Android ecosystem have caused chronic "security diseases."
The Android security mechanism relies heavily on kernel integrity. This underlying security mechanism would collapse in the event of any kernel vulnerability. Once securing control over the kernel, the intruder would be able to easily bypass an app's isolation mechanism and most Android OS security mechanisms.
Offering a solution to this problem, Wei presented Baidu's latest adaptive kernel hot fixing technology, for which it has applied for five patents. This technology is able to automatically match vulnerable points of the targeted Android OS for online hot fixing with no need for the source codes and configurations used to compile the kernel.
Another domestic cyber security pioneer, Qihoo 360 Technology Co, China's largest security software provider, has also participated in the two events. Topics, including security of Power Line Communication (PLC), 4G LTE security and intelligence auto vehicle security, have been raised by the 360 Unicorn Team, a group of industrial leading online security engineers, during the meetings.
Baidu-backed Blue-Lotus is the only team in the Chinese mainland to have entered the finals of DEFCON's CTF contest, the world's top-level hacking competition, and placed among the Top 5 in the rankings.
B1o0ps, the team consisting of Blue-Lotus and 0OPS, defeated Korea-based DefKor, the defending champion, in the finals of DEFCON's CTF contest, and ultimately ranked 2nd with a slight score gap behind US-based PPP, traditionally a strong team.
The BlackHat conference is widely viewed in the information security industry as the top-level, highly technologically intensive conference on information security.
DEFCON is known as the secret carnival of global hackers and as the best representative of the spirit and culture of hacking.
Both hacking events attract researchers from companies and governments, expert hackers from global security companies and research organizations and even officials from US government departments/agencies such as the Department of Defense, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA).
By Liu Zheng (China Daily)