Cristofaro Mune at Hardwear USA 2025

Cristofaro Mune



EL3vated Privileges: Glitching Google Wifi Pro from Root to EL3

Abstract:

Google products frequently leverage modern system-on-chips from leading semiconductor manufacturers. The Google Wifi Pro router, built around Qualcomm's IPQ5018 SoC, is no exception. While sophisticated, multi-layered security architectures may be present in such devices, hardware attacks like Fault Injection remain highly effective at bypassing their protections.

In this talk we show how powerful attacks can be performed by coupling software exploitation skills along with glitching capabilities. Our attack chain begins by exploiting a bootloader vulnerability and obtaining a persistent root shell. We then use an electromagnetic glitch to introduce a fault that allows us to write an arbitrary value with Secure Monitor (EL3) privileges. We use this arbitrary write to modify the configuration of the XPU responsible for protecting the secure memory areas in DDR. This allows us to disable secure memory protection and patch the Secure Monitor code directly from Linux userspace (NS-EL0).

Our talk also covers our systematic characterization of Qualcomm's IPQ5018 SoC by means of a purpose-built Linux Kernel Module (LKM). Using our glitch analyzer, we show how visualization can be a powerful tool when strategizing fault injection attacks. Finally, we contextualize the attack and discuss potential countermeasures using our publicly available Fault Injection Reference Model (FIRM).


Speaker Bio:

Cristofaro Mune is a Co-Founder and Security Researcher at Raelize and has been in the security field for 20+ years. He has 15+ years of experience evaluating the SW and HW security of secure products.

His research on Fault Injection, TEEs, Secure Boot, White-Box cryptography, IoT exploitation and Mobile Security has been presented at renowned international conferences and in academic papers.