IT Briefcase Exclusive: BlackHat 2022 Highlights: Quarkslab Demonstrates Google Pixel Chipset Vulns
August 10, 2022, by Peter R. Kelley
Among the top ten presentations at Black Hat 2022 that news watchers are anticipating is a new analysis from French deeptech cybersecurity company Quarkslab of the Titan M, a modern security chipset that is a key component in Google Pixel 3-5 devices.
The session “Attack on Titan M Reloaded” will be held on Thursday, August 11 at 3:20 PM PDT at Islander FG Level 1 at the Mandalay Bay Convention Center, led by Quarkslab security researchers Damiano Melotti and Maxime Rossi Bellom.
Quarkslab’s mobile security research team is acknowledged as among the most advanced, and the demonstration of a Pixel RCE via the chip is widely anticipated.
Melotti and Bellom will focus on the steps they took to research the chip's software and on the vulnerabilities they were able to find despite the limited public information available about the chip.
“We will dive into how Quarkslab’s black-box fuzzer works and its associated limitations, and then we’ll show how emulation-based solutions can outperform hardware-bound approaches,” said Melotti. “By combining a coverage-guided fuzzer (AFL++), an emulator (Unicorn) and some optimizations specifically for this target, we found a vulnerability that allowed setting a single byte to 1 with several constraints on the offset. We will present how we managed to obtain code execution from this chip and leaked the secrets contained in the secure module.”
Bellom said: “This is the tale of how we mixed together various known techniques and open-source tools against this chip with almost no debugging support and often relying on return codes to develop our tools and exploits. We hope to offer insights into our work to benefit other security researchers probing similar targets.”
Founded 10 years ago, Quarkslab’s cyber-security engineers and developers work to require attackers, rather than defenders, to continually adapt and shift in response to powerful defenses. The company is recognized for its track record in protecting companies and their assets against increasingly sophisticated attacks. Quarkslab has garnered several awards and distinctions over the last five years, such as recognitions in the Minipol Innovation Awards, the Digital Top 50, IE Club Global Leader, the NATO inaugural defense innovation challenge, the Gartner Cool Vendor Award, and the PWC Top 10 next generation cybersecurity solutions.
Through QLab’s consulting expertise and R&D, and their software QFlow and QShield, the experts share and scale their knowledge by making it accessible to everyone, with the ethos that security is everyone’s concern as there is no freedom if there is no security.
Maxime Rossi Bellom & Damiano Melotti