Google’s Android red team fully pwned the Pixel 6 ahead of launch

When Google rolled out the Pixel 6 and 6 Pro in October 2021, key features included the custom Tensor system-on-a-chip processor and the onboard Titan M2 security chip that comes with it. But with so many new components launching at the same time, the company had to be extra careful that nothing went unnoticed or wrong. At the Black Hat security conference in Las Vegas today, members of the Android Red Team are speaking about their mission to hack as much of the Pixel 6 firmware as possible before launch, a task they accomplished.

The Android red team, which primarily reviews Pixel products, discovered a number of important flaws when trying to hack the Pixel 6. One of them is a vulnerability in the bootloader, the first piece of code that runs when a device starts up. An attacker could exploit the vulnerability to gain deep device control. This is especially important because exploits can persist even after a device reboot, a coveted attack capability. Additionally, the red team developed an exploit chain that used a set of four vulnerabilities to defeat the Titan M2, a crucial discovery since the security chip needs to be trustworthy to act as a kind of sentinel and validator in the phone.

“This is the first ever public talk about a proof-of-concept executing end-to-end code on the M2 Titan chip,” Farzan Karimi, one of the red team leaders, told WIRED ahead of the meeting. “Four vulnerabilities are linked to create this; not all of them are critical in themselves. When you link them together, it’s a mix of high and medium severity that has this impact. Pixel developers expect red teams to focus this type of work on them, and they’ll be able to patch vulnerabilities in this chain prior to release.”

The Android red team not only prioritizes finding vulnerabilities, but also spends time developing real exploits for them, the researchers said. This is crucial because it gives a better understanding of how exploitable different flaws actually are and reveals the range of possible attack paths, so the Pixel team can develop a comprehensive and resilient fix.

Like other top red teams, the Android team uses a range of methods to find bugs. Strategies include manual code reviews and static analysis, automated methods for mapping codebase functionality, and finding potential problems with how the system is set up and how different components interact. The team also invests heavily in developing tailored “fuzzers” that can then be handed over to the Android team to catch more bugs as development begins.

“A fuzzer is basically a tool that throws malformed data and garbage at a service in order to crash it or reveal some security hole,” Karimi said. “So we built these fuzzers and shipped them to other teams so other teams could run them continuously throughout the year. In addition to finding bugs, our red team has done a really good thing. We’re really institutionalizing fuzzing.”
