Stumping the Mobile Chipset

Presented at Black Hat Europe 2016, Nov. 3, 2016, 4 p.m. (60 minutes)

Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe. Qualcomm, a supplier of 80% of the chipsets in the Android ecosystem, has almost as much effect on Android's security as Google.

OEMs own some responsibility for low security standards, but the role of chipset manufacturers in the Android project is frequently underestimated. These manufacturers can have a devastating impact on the security of a mobile device. With the ubiquity of the Qualcomm chipsets used in Android devices, and the modifications that are made at the lowest level in the Android project, a security breach in chipset code is often critical.

In this talk we will present the communication interfaces and protocols of hardware kernel modules. We will show how they work with each other and the security architecture of Qualcomm chipsets -- the most popular Android chipset -- upon which most OEMs rely. We will show how a few minor cracks in this architecture can have dire effects.

Lastly, we will present multiple zero-day privilege escalation vulnerabilities affecting most Android devices in the market today in multiple subsystems of Android's Linux kernel, all from code introduced by the chipset vendor. We will demonstrate an exploit for one of these zero-days which allows an attacker to completely compromise a device, running arbitrary code in the kernel from any zero-privileged application. The exploit, dubbed 'Qualaroot', is just one of the many severe vulnerabilities in Qualcomm's chipset code, which is used by all the flagship Android devices in the market.

Presenters:

  • Adam Donenfeld - Security Researcher, Check Point Software Technologies
    Adam Donenfeld is a lead mobile security researcher at Check Point with vast experience in the mobile research field. From a young age he has been hacking and reverse engineering for fun and profit. Prior to Check Point, Adam served in an Israeli elite intelligence unit as a security researcher. In his free time, Adam studies German.
