Explore an innovative approach to Android kernel exploitation in this 44-minute conference talk from Nullcon Goa 2022. Discover how leveraging the TrustZone, a higher privileged component, can overcome existing security mitigations and create a 100% reliable exploit. Learn about CVE-2021-1961, a vulnerability found in the Android kernel, and the unique exploitation method used. Delve into the communication protocol between the kernel and Qualcomm TrustZone (QSEE), identifying its weaknesses. Gain insights on why this technique bypasses current and potentially future mitigations, and how to begin your own research in this area. Understand the challenges of kernel exploitation in mobile security and how this method addresses issues of reliability and adaptability across different devices and versions.
Elevating the TrustZone to Achieve a Powerful Android Kernel Exploit
Overview
Syllabus
Elevating The TrustZone To Achieve A Powerful Android Kernel Exploit | Tamir Zahavi Nullcon Goa 2022
Taught by
nullcon
Related Courses
-
TiYunZong Exploit Chain to Remotely Root Modern Android Devices - Pwn Android Phones from 2015-2020
-
XNU Heap Exploitation - From Kernel Bug to Kernel Control
-
The Way to Android Root: Exploiting Smartphone GPU
-
Exploiting UAF by Ret2bpf in Android Kernel
-
On the Nose - Bypassing Huawei's Fingerprint Authentication by Exploiting the TrustZone
-
Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019
