When Google launched the Pixel 6 and 6 Pro in October 2021, its key features included the custom Tensor SoC and, on the security side, the onboard Titan M2 security chip. But with so many new components launching at the same time, the company needed to be extra careful lest anything go unnoticed or go wrong. At the Black Hat security conference in Las Vegas today, members of the Android Red Team are speaking about their mission to hack and crack as much of the Pixel 6 firmware as possible before launch, and here is one task they accomplished.
The Android red team, which primarily reviews Pixel products, discovered a number of important vulnerabilities when attempting to attack the Pixel 6. One was a vulnerability in the bootloader, the code that runs first when the device boots. An attacker could have exploited the vulnerability to gain deep control of the device. This is especially significant because such an exploit can persist even after a device reboot, a coveted attack capability. Additionally, the red team developed an exploit chain that used a set of four vulnerabilities to defeat the Titan M2, a crucial discovery since the security chip needs to be trustworthy in order to act as a kind of sentinel and validator in the phone.
“This is the first ever public talk about a proof-of-concept executing end-to-end code on the Titan M2 chip,” Farzan Karimi, one of the red team leaders, told WIRED ahead of the talk. “Four vulnerabilities were linked to create this, and not all of them are critical in themselves. When you link them together, it’s a mix of high and medium severity that has this impact. The Pixel developers expect the red team to focus on these types of work, and they were able to patch the vulnerabilities in this chain prior to release.”
The Android red team not only prioritizes finding vulnerabilities but also takes the time to develop real exploits for them. This is critical in helping to better understand the exploitability of different flaws, and it reveals the range of possible attack paths so the Pixel team can develop comprehensive and resilient fixes.
Like other top red teams, the Android team uses a range of methods to find bugs. Strategies include manual code reviews and static analysis, automated methods for mapping codebase functionality, and finding potential problems with how the system is set up and how different components interact. The team is also investing heavily in developing a tailored “fuzzer” that can then be handed over to the Android team to catch more bugs early in development.
“A fuzzer is basically a tool that throws malformed data and garbage at a service to crash it or expose some security hole,” Karimi said. “So we built these fuzzers and shipped them to other teams so those teams could run them continuously throughout the year. Beyond finding bugs, that is something really good our red team has done. We really institutionalized fuzzing.”