Qualcomm WiFi: Infinity War

Presented at Black Hat USA 2021, Aug. 5, 2021, 2:30 p.m. (30 minutes).

Qualcomm is the chip manufacturer with the highest market share in smartphones. With hundreds of millions of devices using Qualcomm WiFi chips, any security issue can have a large impact on users. Among these issues, the 0-click remote/adjacent attack surface is the one that concerns security researchers most: it requires no user interaction, so attacks can be carried out silently. Furthermore, as one of the most important short-distance communication protocols, WiFi is bound to be a major target for attackers.

This talk explains the security risks faced by Qualcomm WiFi, as well as its mitigations, illustrated by eight of the latest 0-click remote vulnerabilities we discovered. Although Qualcomm's 2020 flagship, the Snapdragon 865, made many changes and security enhancements to WiFi, we still managed to find more security issues through in-depth security research on the WiFi module of sdm865. In this talk, we also share our methodology for reverse engineering and exploiting WiFi on sdm865.


Presenters:

  • Haikuo Xie - Researcher, Singular Security Lab
    Xie Haikuo, a security researcher at Singularity Security Laboratory, focuses on protocols and short-distance communication. Xie has found a large number of protocol vulnerabilities, including Windows SMB vulnerabilities and WiFi remote vulnerabilities, and is skilled in malware analysis, reverse engineering and fuzzing.
