IT Briefcase Exclusive: BlackHat 2022 Highlights: Quarkslab Demonstrates Google Pixel Chipset Vulns

August 10, 2022

By Peter R. Kelley

Among the top ten presentations at Black Hat 2022 that news watchers are anticipating is new analysis from French deeptech cybersecurity company Quarkslab on the Titan M modern security chipset, a key component in Google Pixel 3-5 devices.

The session “Attack on Titan M Reloaded” will be held on Thursday, August 11 at 3:20 PM PDT at Islander FG Level 1 at the Mandalay Bay Convention Center, led by Quarkslab security researchers Damiano Melotti and Maxime Rossi Bellom.

Quarkslab’s mobile security research team is acknowledged as among the most advanced, and the demonstration of a Pixel RCE via the chip is widely anticipated.

Melotti and Bellom will focus on how they researched the chip and found software vulnerabilities in it despite the limited public information available.

“We will dive into how Quarkslab’s black-box fuzzer works and its associated limitations, and then we’ll show how emulation-based solutions can outperform hardware-bound approaches,” said Melotti. “By combining a coverage-guided fuzzer (AFL++), an emulator (Unicorn) and some optimizations specifically for this target, we found a vulnerability that allowed setting a single byte to 1 with several constraints on the offset. We will present how we managed to obtain code execution from this chip and leaked the secrets contained in the secure module.”

Bellom said: “This is the tale of how we mixed together various known techniques and open-source tools against this chip with almost no debugging support and often relying on return codes to develop our tools and exploits. We hope to offer insights into our work to benefit other security researchers probing similar targets.”

Founded 10 years ago, Quarkslab’s cyber-security engineers and developers work to require attackers, rather than defenders, to continually adapt and shift in response to powerful defenses. The company is recognized for its track record in protecting companies and their assets against increasingly sophisticated attacks. Quarkslab has garnered several awards and distinctions over the last five years, such as recognitions in the Minipol Innovation Awards, the Digital Top 50, IE Club Global Leader, the NATO inaugural defense innovation challenge, the Gartner Cool Vendor Award, and the PWC Top 10 next generation cybersecurity solutions.

Through QLab’s consulting expertise and R&D, and their software QFlow and QShield, the experts share and scale their knowledge by making it accessible to everyone, with the ethos that security is everyone’s concern as there is no freedom if there is no security.

Maxime Rossi Bellom & Damiano Melotti



