Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot

Presented at DEF CON 21 (2013), Aug. 2, 2013, 3 p.m. (45 minutes).

Google TV is intended to bring the Android operating system out of the mobile environment and into consumers' living rooms. Unfortunately, content providers began to block streaming access to popular content from the Google TV platform, which hindered its reach. Furthermore, the first generation of Google TV hardware used an Intel-powered x86 chipset that fractured Google TV from the traditional ARM-based Android ecosystem, preventing most Android applications with native code from functioning properly. In our previous presentation at DEFCON 20, we discussed exploits found in the first generation of Google TV hardware and software. This presentation will be geared towards the newly released second generation of devices, which includes models from a wider variety of OEMs such as Asus, Sony, LG, Vizio, Hisense, and Netgear. Our demonstration will include newly discovered and undisclosed hardware exploits, software exploits, and manufacturer mistakes, and we will discuss in detail how to exploit the new Secure Boot environment on the Marvell chipset. In order to bypass Secure Boot on the Google TV, we will release two separate exploits which will allow users to run an unsigned bootloader on Google TV devices. One of these affects specific configurations of the Linux kernel and can also be used for privilege escalation against a multitude of other embedded devices. Finally, after our talk, make sure to stop by the Q&A room and ask us a question. We have a limited number of USB TTL adapters to give away for free to aid the community in bootloader and kernel development.

Presenters:

  • Panel
  • Amir Etemadieh / Zenofex - Research Scientist at Accuvant LABS
    Amir Etemadieh (@Zenofex) founded the GTVHacker group and has been working on the GTVHacker project since its start in November 2010. Amir is on the research and development team at Accuvant LABS and, prior to his employment, conducted independent research in consumer devices including the Logitech Revue, Ooma Telo, Samsung Galaxy S2, and Boxee Box, as well as services such as the 4G Clear Network.
  • CJ Heres / CJ_000 - IT consultant
    CJ Heres (@cj_000) is an IT consultant by day who enjoys breaking devices ranging from washing machines to Blu-Ray players. His philosophy is to use a simple approach for complex problems. CJ's recent work includes independent research on Hospira and Alaris IV infusion pumps, as well as consumer electronics such as the Roku, Google TV, Boxee Box, and Vizio Smart TVs.
  • Mike Baker - Co-Founder OpenWrt
    Mike Baker (@gtvhacker) (aka [mbm]) is a firmware developer, better known as the Co-Founder behind OpenWrt. He hacks stuff.
  • Hans Nielsen - Senior Security Consultant at Matasano
    Hans Nielsen (@n0nst1ck) is a security wizard at Matasano Security. When he isn't busy protecting your in-house and external applications from evil, he enjoys hacking apart consumer electronics and designing prototype boards. Hans is a tinkerer at heart with an ability to quickly reverse hardware and software through whatever means necessary.
