
When Google launched the Pixel 6 and 6 Pro in October 2021, one of the phones' headline features was the security of their custom Tensor system-on-chip and the onboard Titan M2 security chip. But with so many new devices launching at the same time, the company needed to be extra careful that nothing went unnoticed or wrong. At the Black Hat security conference in Las Vegas on Wednesday, members of the Android red team spoke about their mission to crack and hack as much as possible before the Pixel 6 firmware was released, a task they accomplished.
The Android red team, which primarily reviews Pixel products, discovered a number of important flaws while trying to hack the Pixel 6. One was a vulnerability in the bootloader, the first piece of code that runs when the device starts up. Attackers could have exploited it to gain deep control of the device, which is especially serious because a bootloader exploit can persist across reboots, a coveted attack capability. The red team also developed an exploit chain that used a set of four vulnerabilities to defeat the Titan M2, a crucial finding given that the security chip must be trustworthy in order to act as a sentinel and validator for the rest of the phone.
“This is the first time ever that a proof-of-concept of executing end-to-end code on the M2 Titan chip has been publicly talked about,” Farzan Karimi, one of the red team leaders, told WIRED ahead of the talks. “Four vulnerabilities are linked to create this; not all of them are critical in themselves. When you link them together, it’s a mix of high and medium severity that has this impact. Pixel developers expect red teams to focus these types of work on them, and they’ll be able to patch vulnerabilities in this chain before release.”
The researchers say the Android red team not only prioritizes finding vulnerabilities but also spends time developing working exploits for them. This is crucial because it shows how exploitable each flaw really is and reveals the range of possible attack paths, so the Pixel team can develop a comprehensive and resilient fix.
Like other top red teams, the Android team uses a range of methods to find bugs, including manual code review and static analysis, automated methods for mapping codebase functionality, and looking for potential problems in system settings and in how the different components interact. The team is also investing heavily in developing tailored “fuzzers” that can then be handed over to the Android team to catch more bugs as development continues.
“A fuzzer is basically a tool that throws malformed data and garbage at a service in order to crash it or reveal some security hole,” Karimi said. “So we built these fuzzers and shipped them to other teams so other teams could run them continuously throughout the year. In addition to finding bugs, our red team has done a really good thing: we’ve really institutionalized fuzzing.”
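To make the kind of fuzzer Karimi describes concrete, here is an added example in C; it is not Google's code, nor anything from the talk. The fuzz target is a hypothetical firmware-style TLV parser (an assumption standing in for the sort of bootloader input parser a red team would hand to a fuzzer) with a deliberately missing destination-bounds check. The harness places the 16-byte key slot at the start of a larger canary-filled arena so an overflow is detected deterministically, the mutation engine is a seeded xorshift PRNG so every finding is reproducible, and a small triage helper explains why the crashing input is dangerous. All names (`parse_tlv`, `TAG_KEY`, `fuzz`) are invented for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical TLV format: records are [type:1][len:1][payload:len].
 * Records of type TAG_KEY are copied into a 16-byte key slot.
 * BUG (intentional): len is checked against the input buffer but never
 * against the 16-byte destination, so an over-long KEY record overflows `out`. */
#define TAG_KEY      0x01
#define KEY_SLOT_LEN 16

static int parse_tlv(const uint8_t *in, size_t in_len, uint8_t *out)
{
    size_t pos = 0;
    int keys = 0;
    while (pos + 2 <= in_len) {
        uint8_t type = in[pos], rlen = in[pos + 1];
        if (pos + 2 + rlen > in_len)
            return -1;                       /* truncated record: input-side check is present */
        if (type == TAG_KEY) {
            memcpy(out, in + pos + 2, rlen); /* missing: rlen <= KEY_SLOT_LEN */
            keys++;
        }
        pos += 2 + rlen;
    }
    return keys;
}

/* Harness: the key slot is the first 16 bytes of an arena whose remaining bytes
 * hold a canary, so an overflow is caught without a real crash or a sanitizer.
 * rlen is at most 255, so every write stays inside the arena. */
#define ARENA_LEN (KEY_SLOT_LEN + 256)
#define CANARY    0xA5

static int run_target(const uint8_t *in, size_t in_len)
{
    uint8_t arena[ARENA_LEN];
    memset(arena, 0, KEY_SLOT_LEN);
    memset(arena + KEY_SLOT_LEN, CANARY, ARENA_LEN - KEY_SLOT_LEN);
    parse_tlv(in, in_len, arena);
    for (size_t i = KEY_SLOT_LEN; i < ARENA_LEN; i++)
        if (arena[i] != CANARY)
            return 1;                        /* canary smashed: memory-safety bug */
    return 0;
}

/* Deterministic xorshift32 PRNG: a finding is reproducible from the seed. */
static uint32_t rng_state;
static uint32_t rng_next(void)
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

#define MAX_INPUT 128

/* Constructed seed corpus (assumption): a valid 16-byte KEY record followed by
 * two records of other types, 64 bytes total. Returns the length. */
static size_t make_seed(uint8_t *buf)
{
    memset(buf, 0x41, 64);
    buf[0]  = TAG_KEY; buf[1]  = 16;
    buf[18] = 0x02;    buf[19] = 20;
    buf[40] = 0x03;    buf[41] = 22;
    return 64;
}

/* One mutation: flip a bit, write a random byte, or write an "interesting" value. */
static void mutate(uint8_t *buf, size_t len)
{
    size_t idx = rng_next() % len;
    switch (rng_next() % 3) {
    case 0:  buf[idx] ^= (uint8_t)(1u << (rng_next() % 8)); break;
    case 1:  buf[idx] = (uint8_t)rng_next(); break;
    default: { static const uint8_t interesting[] = {0x00, 0x01, 0x10, 0x11, 0x7f, 0x80, 0xff};
               buf[idx] = interesting[rng_next() % sizeof interesting]; }
    }
}

/* Fuzz loop: mutate a copy of the seed, run it, stop at the first canary smash.
 * Returns the 1-based iteration that found it (0 if none); crash holds the input. */
static long fuzz(uint32_t seed, long max_iters, uint8_t *crash, size_t *crash_len)
{
    uint8_t seed_input[MAX_INPUT], buf[MAX_INPUT];
    size_t len = make_seed(seed_input);
    rng_state = seed ? seed : 1;
    for (long i = 1; i <= max_iters; i++) {
        memcpy(buf, seed_input, len);
        int n = 1 + rng_next() % 4;          /* stack a few mutations per input */
        while (n--) mutate(buf, len);
        if (run_target(buf, len)) {
            memcpy(crash, buf, len);
            *crash_len = len;
            return i;
        }
    }
    return 0;
}

/* Triage: walk the records like the parser does and report the length of the
 * first KEY record that exceeds the slot (0 if there is none). */
static int overlong_key_len(const uint8_t *in, size_t in_len)
{
    size_t pos = 0;
    while (pos + 2 <= in_len) {
        uint8_t type = in[pos], rlen = in[pos + 1];
        if (pos + 2 + rlen > in_len) return 0;
        if (type == TAG_KEY && rlen > KEY_SLOT_LEN) return rlen;
        pos += 2 + rlen;
    }
    return 0;
}

/* The valid seed must run clean and yield exactly one key. */
static int seed_parses_clean(void)
{
    uint8_t s[MAX_INPUT], arena[ARENA_LEN];
    size_t len = make_seed(s);
    return run_target(s, len) == 0 && parse_tlv(s, len, arena) == 1;
}

/* Fixed-seed run whose finding must triage to an over-long KEY record. */
static long demo(void)
{
    uint8_t crash[MAX_INPUT]; size_t clen = 0;
    long it = fuzz(0x1234567u, 200000, crash, &clen);
    if (it == 0) return 0;
    return overlong_key_len(crash, clen) > KEY_SLOT_LEN ? it : 0;
}

int main(void)
{
    uint8_t crash[MAX_INPUT]; size_t clen = 0;
    long it = fuzz(0x1234567u, 200000, crash, &clen);
    if (!it) { puts("no canary smash found"); return 1; }
    printf("canary smashed after %ld iterations; KEY record len=%d (slot is %d)\n",
           it, overlong_key_len(crash, clen), KEY_SLOT_LEN);
    return 0;
}
```

The canary arena replaces what a real campaign would get from AddressSanitizer or a crashing device, and the seeded PRNG is what makes a finding reproducible enough to hand to another team, which is the point of shipping the fuzzer rather than just the bug. The hardened parser differs by a single line, a `rlen > KEY_SLOT_LEN` rejection before the `memcpy`.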