Learn about a DEF CON 32 conference talk that reveals the behind-the-scenes journey of NCC Group's successful Xiaomi 13 Pro exploit at Pwn2Own Toronto 2023. Explore the technical aspects of their exploit chain, which combined a malicious HTML hyperlink with uploading a potentially dangerous application to Xiaomi's app store. Discover the unique challenges faced by the research team, including regional variations in exploit effectiveness that required international travel for testing. Gain insights into Xiaomi's robust security measures implemented specifically for the Pwn2Own competition, and understand why only two teams managed to successfully breach the device's defenses during the event.
Overview
Syllabus
DEF CON 32 - Xiaomi The Money : Our Toronto Pwn2Own Exploit & BTS Story - Ken Gannon, Ilyes Beghdadi
Taught by
DEFCONConference