With the launch of the Pixel 6 in 2021, Google re-entered the high-end smartphones market with a customised System-on-Chip (SoC) called Google Tensor and with security as one of the main selling points.
Several months of research resulted in 2 simple but interesting vulnerabilities: a trivial to find but tricky to exploit array index out-of-bounds in one of Trusty’s SMC handlers (CVE-2022-20231) and a logic error in the DRM LDFW (CVE-2022-20364). The latter requires significant understanding of the secure media pipeline and reverse engineering of one of the co-processors. Both vulnerabilities allow compromising the Trusted Execution Environment which is used to protect biometric user data (e.g., fingerprints), attestation, DRM and other cryptographic keys.
Join the story of finding and exploiting these vulnerabilities, a forgotten patch, the effect of mitigations such as Shadow Stacks and CFI in the secure world and reverse-engineering subsystems of a complex SoC without hardware documentation. Followed by the aftermath of a lengthy disclosure process ending with a mandatory upgrade to Android 13 to recover the security of the platform by leveraging the Tensor Security Core, an isolated security processor inside the SoC.
Martijn Bogaard is specialised in reviewing, reverse-engineering and exploitation of firmware and Trusted Execution Environments. On a regular basis he presents his research, for example at Black Hat and previous years of OffensiveCon.