Overview
Explore a comprehensive security research presentation from DEF CON 32 that delves into exploiting Qualcomm Adreno GPU vulnerabilities for Android root access. Learn about the critical aspects of mobile GPU security through an in-depth analysis of the Adreno GPU kernel module implementation, focusing on recent GPU versions and their attack surfaces. Discover how researchers identified and exploited 9+ vulnerabilities in the Adreno GPU driver, enabling kernel code execution on Qualcomm-based devices. Follow along as the speakers demonstrate exploitation of a race condition that achieves root privileges from a zero-permission application with a 100% success rate, while explaining how they overcame Android kernel mitigations like CFI and W^X through a novel exploit method leveraging GPU features. Gain insights into the technical details of exploitation techniques, including methods for arbitrary physical memory read/write operations, and understand the recommended actions for vendors to enhance GPU security and minimize vulnerability impacts.
Syllabus
DEF CON 32 - The Way To Android Root: Exploiting Smartphone GPU - Xiling Gong, Eugene Rodionov
Taught by
DEFCONConference