Fighting Cavities: Securing Android Bluetooth by Red Teaming

Jeong Wook Oh, Rishika Hooda, Xuan Xing

OffensiveCon 2025 · Day 1 · Main

Google's Android Red Team ran a structured offensive security engagement against the Android Bluetooth stack, the open-source Fluoride/AOSP implementation that runs inside a privileged system process, and found multiple critical- and high-severity vulnerabilities, including two remote code execution bugs. All findings have been patched and shipped through the Android Security Bulletin. The team combined manual code review, custom host-based fuzzing pipelines, CodeQL static analysis, and KLEE symbolic execution; manual review accounted for roughly half of the critical findings, among them the two RCE bugs demonstrated in the talk.

AI review

Google's Android Red Team doing a transparent internal engagement writeup on the AOSP Bluetooth stack, with two RCE bugs and a continuous fuzzing pipeline. Competent, well-structured, and worth the slot — but this is a methodology showcase more than a vulnerability deep-dive, and the talk deliberately stops short of the technical detail that would make it memorable.

Watch on YouTube