Joffrey Guilbon, Max, Mateusz Fruba and Georgi Geshev

Beyond Android MTE: Navigating OEM's Logic Labyrinths


With some of the first phones with MTE hitting the market, we are once more facing the seemingly imminent doom of our beloved industry. Wait! What about our trusty old friends, the logic bugs? While some turn their attention to weaker SoC components, we're back at Mobile Pwn2Own to show you how a few silly bugs can be chained to effortlessly pwn the latest Samsung and Xiaomi flagships.

In this talk, we will discuss the types of bugs we target, the attack surface that expose them, and describe some of the more interesting and bizarre issues that we have disclosed at Pwn2Own over the past 10 years. We will of course focus on last year's issues, outlining the multiple failures we faced and also share a rather spicy story with a shameless vendor.

Come for the bugs, stay for the cat memes. Pay close attention and you might even spot a 0day or two.


Joffrey Guilbon is a Security Researcher at Interrupt Labs working on mobile and embedded systems. His usual work includes low-level systems, reverse engineering (on several targets such as operating systems, trusted execution environment components, secure boot implementations, bootroms, etc.), vulnerability research, binary exploitation, and tools development to ease things out.

Max is a Principle Vulnerability Researcher at Interrupt Labs who focuses on finding security holes in critical software. Before joining Interrupt, he had previously worked and SentinelOne and F-Secure Labs (Previously MWR Labs), where he successfully participated in the Pwn2Own hacking contest a number of times.

Mateusz Fruba is specialized in reviewing, reverse-engineering and exploitation of Android devices from both userland and kernel sides. He used to work for mobile vendors including Samsung and Huawei as Security Researcher focusing on vulnerability discovery and exploitation. Currently PWNing mobile vendors in Interrupt Labs.

Georgi - Hacking