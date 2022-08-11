



When Google launched the Pixel 6 and 6 Pro in October 2021, key features included a custom Tensor system-on-chip processor and the security benefits of the onboard Titan M2 security chip. But with so many new components launching at once, the company had to be extra careful not to overlook anything or get something wrong. Members of the Android red team describe their mission to hack and break as much of the Pixel 6 firmware as possible before launch, a task they accomplished.

The Android red team, which primarily scrutinizes Pixel products, found a number of critical flaws while attacking the Pixel 6. One of them was a vulnerability in the bootloader, the first piece of code that runs when a device boots. An attacker could have exploited this flaw to gain deeper control over the device. This was especially important because the exploit could survive a device reboot, a coveted attack capability. Separately, the red team also developed an exploit chain that uses a group of four vulnerabilities to defeat Titan M2. This is an important finding given that the security chip must be trustworthy, acting as a sort of sentinel and validator within the phone.

This is the first publicly discussed proof of concept of running end-to-end code on the M2 Titan chip, Farzan Karimi, one of the red team leaders, told WIRED ahead of the talk. Four vulnerabilities were chained together to create this, but not all of them were critical on their own. Chained together, it was a mixture of high and medium severity that created this impact. The Pixel team was able to patch the vulnerabilities in this chain.

Researchers say Android's red team prioritizes spending time developing working exploits for the bugs it finds rather than just finding vulnerabilities. This gives a better understanding of how exploitable, and therefore how critical, various flaws really are, and reveals the range of possible attack paths so that the Pixel team can develop comprehensive and resilient fixes.

Like other top red teams, the Android group uses a variety of approaches to find bugs. Tactics include manual code review and static analysis, automated methods for mapping how the codebase works, and searching for potential problems in how the system is set up and how its various components interact. The team has also invested heavily in developing customized fuzzers, which they then hand over to teams across Android to help catch more bugs in the earliest stages of development.

A fuzzer is essentially a tool that injects malformed data or junk into a service to crash it or reveal security vulnerabilities, says Karimi. So we build these fuzzers and hand them over so other teams can continue to run them throughout the year. It's really amazing what our red team accomplished beyond finding bugs. Fuzzing was really institutionalized.

