Physical Attacks Against Smartphones

Presented at DEF CON 31 (2023), Aug. 12, 2023, 11:30 a.m. (45 minutes).

Android devices are constantly improving their security to protect against attackers with physical access, with new protection techniques being added year-by-year. This talk aims to demonstrate vulnerabilities in modern Android smartphones that are still viable, despite the mitigations in place. In the first phase of this talk, we will discuss analysis and exploitation of vendor-customised versions of Android's Recovery mode, demonstrating weaknesses that allow for privilege escalation to root, and traversal from Recovery to Android, without Bootloader access, using nothing but a Micro SD card. In the second phase, we will discuss weaknesses in the Secondary Bootloader of devices produced by a popular smartphone manufacturer. We will demonstrate how, using a vulnerability in the core USB stack, code execution can be achieved, and a modified Android image can be booted, without compromising the functionality of the device.

Presenters:

  • Christopher Wade - Hacker
    Christopher (@Iskuri1) is a seasoned security researcher. His main focuses are in reverse engineering firmware and fingerprinting USB and NFC vulnerabilities, with his key strength lying in bootloader exploitation.
