Explore the Latest in Tech Innovations

Please enable JavaScript in your browser to complete this form.
Name

IT Briefcase Exclusive: BlackHat 2022 Highlights: Quarkslab Demonstrates Google Pixel Chipset Vulns

Aug 10, 2022 | Fresh Ink, Privacy, Security

By Peter R. Kelley

Among the top ten presentations at Blackhat 2022 that news watchers are anticipating is new analysis from French deeptech cybersecurity company Quarkslab on the Titan M modern security chipset, a key component in Google Pixel 3-5 devices.

The session “Attack on Titan M Reloaded” will be held on Thursday, August 11 at 3:20 PM PDT at Islander FG Level 1 at the Mandalay Bay Convention Center, led by Quarkslab security researchers Damiano Melotti and Maxime Rossi Bellom.

Quarkslab’s mobile security research team is acknowledged as among the most advanced, and the demonstration of a Pixel RCE via the chip is widely anticipated.

Melotti and Bellom will focus on measures they took to research software vulnerabilities they were able to find with limited public information available about the chip.

“We will dive into how Quarkslab’s black-box fuzzer works and its associated limitations, and then we’ll show how emulation-based solutions can outperform hardware bound approaches,” said Melotti. “By combining a coverage-guided fuzzer (AFL++), an emulator (Unicorn) and some optimizations specifically for this target, we found a vulnerability that allowed setting a single byte to 1 with several constraints on the offset. We will present how we managed to obtain code execution from this chip and leaked the secrets contained in the secure module.”

Bellom said: “This is the tale of how we mixed together various known techniques and open-source tools against this chip with almost no debugging support and often relying on return codes to develop our tools and exploits.  We hope to offer insights into our work to benefit other security researchers probing similar targets.”

Founded 10 years ago, Quarkslab’s cyber-security engineers and developers work to require attackers – rather than defenders — to continually adapt and shift in response to powerful defenses. The company is recognized for its track record in protecting companies and their assets against increasingly sophisticated attacks. Quarkslab has garnered several awards and distinctions over the last five years, such as recognitions in the Minipol Innovation Awards, the Digital Top 50, IE Club Global Leader, the NATO inaugural defense innovation challenge, the Gartner Cool Vendor Award, and the PWC Top 10 next generation cybersecurity solutions.

Through QLab‘s consulting expertise and R&D, and their software QFlow and QShield, the experts share and scale their knowledge by making it accessible to everyone, with the ethos that security is everyone’s concern as there is no freedom if there is no security.

Maxime Ross Bellom & Damiano Melotti

 

 

 

How new data privacy laws will impact you

How new data privacy laws will impact you

The 2025 Data Privacy Crisis: 8 New Laws Create Compliance Emergency
January 2025 brought unprecedented privacy upheaval as eight new state laws activated simultaneously, affecting businesses nationwide. With non-compliance costs averaging $14.82 million and 94% of consumers refusing to buy from companies that mishandle data, the stakes have never been higher. From mandatory universal opt-out mechanisms to AI governance challenges, organizations face a regulatory maze that could trigger automatic violations. Tennessee, Minnesota, and Maryland follow with even stricter requirements mid-year. Discover critical compliance strategies, technical implementation requirements, and personal VPN protection benefits to navigate 2025’s most complex privacy landscape and avoid costly penalties.

read more
The Quantum Readiness Survey: How Technology Leaders Are Preparing for the Next Computing Revolution

The Quantum Readiness Survey: How Technology Leaders Are Preparing for the Next Computing Revolution

Quantum computing is no longer a distant scientific curiosity—it’s rapidly approaching commercial reality. From breaking current encryption methods to solving optimization problems that could transform entire industries, quantum computing represents both unprecedented opportunity and significant risk for enterprise organizations. Be a part of the future, take part 1 of the Quantum Computing survey

read more
Your Monthly Tech Intelligence Briefing – May 26, 2025 – Memorial Day Edition

Your Monthly Tech Intelligence Briefing – May 26, 2025 – Memorial Day Edition

Securing Multi-Cloud Environments: Best Practices for 2025
As we honor those who served our nation this Memorial Day, it’s fitting to reflect on the strategic importance of defending our digital infrastructure. Just as military operations require coordinated defense across multiple fronts, modern enterprises must secure their multi-cloud environments with the same level of strategic planning and execution.

read more
Share This