BlackHat 2022: Quarkslab Reviews "Attack on Titan M Reloaded"

Quarkslab, a French deeptech cybersecurity company that specializes in software protection technologies, today announced that security researchers Damiano Melotti and Maxime Rossi Bellom will lead a briefing on vulnerability research that duo have conducted on Google's Titan M chipset introduced in Pixel 3 through Pixel 5 devices (Pixel 6 features Titan M2) at BlackHat 2022 in Las Vegas. The session "Attack on Titan M Reloaded" is scheduled for Thursday, August 11 at 3:20 PM PDT at Islander FG Level 1 at the Mandalay Bay Convention Center.

The Titan M Chip is a key component for Google Pixel devices. Quarkslab previously analyzed the chip for internal review and protections. Melotti and Bellom will focus on measures they took to research software vulnerabilities they were able to find with limited public information available about the chip.

"We will dive into how Quarkslab's black-box fuzzer works and its associated limitations, and then we'll show how emulation-based solutions can outperform hardware bound approaches," said Melotti. "By combining a coverage-guided fuzzer (AFL++), an emulator (Unicorn) and some optimizations specifically for this target, we found a vulnerability that allowed setting a single byte to 1 with several constraints on the offset. We will present how we managed to obtain code execution from this chip and leaked the secrets contained in the secure module."

Bellom added, "This is the tale of how we mixed together various known techniques and open-source tools against this chip with almost no debugging support and often relying in return codes to develop our tools and exploits. We hope to offer insights into our work to benefit other security researchers probing similar targets."

Melotti is cybersecurity researcher based in Paris who explores solving complex problems in all aspects of security. His passion is in dynamic vulnerability research, systems and mobile security, security engineering. Bellom is a security research engineer working in the embedded and cryptography team at Quarkslab.

Founded 10 years ago, Quarkslab has a dedicated team of cyber-security engineers and developers. The team aim at forcing the attackers, not the defender, to adapt constantly.

Through QLab's consulting expertise and R&D, and their software QFlow and QShield, the experts share and scale their knowledge by making it accessible to everyone. Quarkslab's team believes that security is everyone's concern as there is no freedom if there is no security.

Their expertise combines offensive and defensive security in application protection and helps your organization adopt your new security posture.

About Quarkslab

Quarkslab expertise's combines offensive and defensive security in application protection and helps organizations adopt a new security posture: Force the attackers, not the defender, to adapt constantly. Through our consulting services as well as our software we provide tailored solutions to organizations, helping them protect their assets, sensitive data, and users against increasingly sophisticated attacks.