Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE
Author: HITCON
Uploaded: 2025-09-29
Views: 368
R0 0815
Last year, we uncovered the first publicly known security vulnerability in Google's proprietary Digital Signal Processors (DSP) embedded in the Pixel 8. This processor was previously undocumented and had not undergone any public security analysis, making reverse engineering and exploitation particularly difficult. Google addressed the issue with a patch earlier this year. Despite early setbacks in our attempts to emulate the DSP firmware, we continued our investigation using dynamic instrumentation and other advanced techniques to better understand its behavior. This persistence led to the discovery of a critical flaw that granted us full kernel code execution and allowed us to bypass all security mitigations on the Pixel 8, including Memory Tagging Extension (MTE).
Jheng Bing Jhong (Billy)
Jheng Bing Jhong is a principal researcher at STAR LABS SG, focusing on Android kernel, Linux and VM security. He has spoken at HITCON, DEFCON, OffbyOne and POC.
Pan Zhenpeng
Pan Zhenpeng is a principal researcher at STAR LABS SG, focusing on mobile (iOS/Android) and web security. He has spoken at Zer0Con, POC, OffensiveCon, 0x41Con, OffbyOne and HITB Armory.