Google Reimagined a Phone. It was Our Job to Red Team and Secure it.

Presented at Black Hat USA 2022, Aug. 10, 2022, 1:30 p.m. (40 minutes)

Despite the large number of phone vendors, most Android devices are based on a relatively small subset of system on a chip (SoC) vendors. Google decided to break this pattern with the Pixel 6. From a security perspective, this meant rather than using code that had been tested and used for years, there was a new stack of high value device firmware we needed to get right the first time.

This talk will go over how Android secured the reimagined Pixel 6 before its launch, focusing on the perspective of the Android Red Team. The team will show how fuzz testing, black box emulators, static analysis, and manual code reviews were used to identify opportunities for privileged code execution in critical components, including the first end-to-end proof of concept on the Titan M2 chip, as well as ABL with full persistence resulting in a bypass of hardware key attestation. Finally, the Android Red Team will present multiple security-critical demos. This work showcased the value of red teaming, ensuring a more secure and safe Pixel 6 before its release.
Presenters:

  • Christopher Cole - Red Team Lead, Google
    Christopher Cole helped build the Red Team in Android from the ground up. He has led various security organizations for over 10 years, from hacking fighter jets for the government, to securing millions of servers on AWS, to billions of mobile phones on Android.
  • Xuan Xing - Senior Security Researcher, Google
    Xuan Xing is the team engineering lead for the Android Red Team.
  • Eugene Rodionov - Senior Security Researcher, Google
    Eugene Rodionov, PhD, is a Security Researcher at Google on the Android Red Team. In his current position, Eugene focuses on finding and exploiting vulnerabilities in the low-level components of the Android platform and Pixel devices. Prior to that, Rodionov performed offensive security research on UEFI firmware for Client Platforms at Intel, and ran internal research projects and performed in-depth analysis of complex threats at ESET. His fields of interest include reverse engineering, vulnerability analysis, firmware security and anti-rootkit technologies. Rodionov is a co-author of the book "Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats" and has spoken at security conferences such as Black Hat, REcon, ZeroNights, and CARO.
  • Farzan Karimi - Red Team Lead, Google
    Farzan Karimi has over 15 years of experience in offensive security and software development. He is currently the Engineering Manager of the Android Red Team at Google. In his current position, he manages offensive security operations targeting low-level components within the Android ecosystem. He has previously led enterprise red teams for large technology corporations such as Electronic Arts and Microsoft. His areas of focus include application and network security. Farzan has specialized in exploiting and securing game development consoles (devkits). His work on PlayStation and Xbox led to the development of key security features for next generation platforms. Farzan has spoken at security conferences such as Microsoft STRIKE, EA Team Blue and Toro.Hack. He has also presented at universities including Georgetown, University of Washington, CalState, and Stevenson. Farzan has publications in PenTest Magazine and has contributed to the book Cyber Attacks: Red Team Strategies, by Johann Rehberger. Farzan holds a BS in Computer Science from Penn State, as well as a master's degree from Georgetown University.