Presented at
DEF CON 28 (2020) Virtual,
Aug. 7, 2020, 10:30 a.m.
(30 minutes)
Wireless coexistence enables high-performance communication on platforms with a small form factor despite overlapping frequency bands. On-chip coexistence is essential to combine wireless technologies, and manufacturers implement various proprietary solutions. This presentation demonstrates multiple attacks on two coexistence features of Broadcom and Cypress Wi-Fi/Bluetooth combo chips. Various popular devices that were released over a decade are affected, such as the Google Nexus 5 and iPhone 6, but also the newest iPhone 11 and Samsung Galaxy S20.
On the analyzed chips, Wi-Fi and Bluetooth run on separate processing cores, but various information leaks and even code execution become possible through their coexistence interfaces. As these escalations concern an internal chip interface, the operating system cannot prevent them. However, coexistence exploitation widens the possibilities to escalate into drivers and the operating system on top.
Presenters:
-
Jiska Classen
- Secure Mobile Networking Lab
jiska likes to break things, and Francesco loves reverse engineering. They both have a history in binary patching on Broadcom chips. While jiska focuses on the Bluetooth side of this project, Francesco is the Wi-Fi specialist.
@naehrdine
-
Francesco Gringoli
- University of Brescia
Links:
Similar Presentations: