Talk Title:

Google Nest Wifi Pro Bypassing Android Verified Boot

Abstract:

This talk will discuss two vulnerabilities (CVE-2024-22004 and CVE-2024-22013) found in the latest Google Nest Wi-Fi router and the exploitation process, which can allow an attacker with physical access to fully bypass Android Verified Boot on the system and gain persistence, ensuring that the compromised software remains on the device between reboots.

Speaker Bio:

Sergei Volokitin work is mostly focused on security testing of embedded systems and mobile devices. He has a number of publications on Java Card platform attacks and conference presentations on hardware security.