Xiaomi The Money - Our Toronto Pwn2Own Exploit and Behind The Scenes Story

Presented at DEF CON 32 (2024), Aug. 9, 2024, 1:30 p.m. (45 minutes).

At Pwn2Own Toronto 2023, NCC Group was one of the two teams that compromised the Xiaomi 13 Pro. The exploit chain involved using a malicious HTML hyperlink and uploading a potentially malicious application to the Xiaomi app store. However, this talk is not just about the technical details of the exploit. While researching the final exploit, NCC Group discovered how an exploit could work in one region of the world, but not in other regions, and how the researchers had to travel to Canada for a day just to test if the exploit would work in Canada. This talk also discusses just how far Xiaomi is willing to go to make sure their device isn't hacked at Pwn2Own, and why only two teams were able to successfully compromise the device during the competition.

Presenters:

  • Ilyes Beghdadi - Senior Application Security Engineer at Census Labs
    Ilyes is a Senior Application Security Engineer at Census Labs. At the time of the Pwn2Own research and entry, he was a Security Consultant at NCC Group who worked on reverse engineering Android malware.
  • Ken Gannon - Principal Security Consultant at NCC Group
    Ken is a Principal Security Consultant at NCC Group who specializes in mobile security and doing security research on mobile devices. He occasionally complains about Xiaomi and other phone manufacturers.
