The presentation discusses a USB-based attack on a smartphone that exploits a vulnerability in the Linux kernel. The attack requires physical access to the device and a low-activity slab. The presentation also covers the challenges the attack faces and the mitigations against it.
- The attack requires physical access to the device and a low-activity slab
- Winning the race is a main challenge for the attack
- Cache behavior can make it hard to predict where control is taken
- Address space layout randomization (ASLR) is a hurdle that needs to be overcome
- Code and data protections can be circumvented by looking for other attack paths
- Heap hardening techniques can make the attack impossible to execute
The presenters demonstrated the attack on a smartphone by inserting a USB device to trigger the vulnerability and gain code execution in the context of the Linux kernel. They then launched a reverse shell on the phone that connected to a netcat instance, giving them root privileges and access to the phone's data. The attack could also unlock the device and give immediate access to all stored data.
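
The defensive side of the list above, as an added example (not from the presentation): a shell function that checks a kernel config for build options covering each mitigation class the summary names. The mapping from each class to specific `CONFIG_` options is this example's assumption, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a Linux kernel config for the mitigation classes the
# summary names (layout randomization, code/data protections, heap hardening).
# The class-to-option mapping below is this example's assumption.

# audit_kconfig reads kernel config text on stdin and prints one line per
# option: "<status> <option> (<class>)". Returns 1 if any option is not "=y".
audit_kconfig() {
    cfg=$(cat)
    missing=0
    while read -r opt class; do
        [ -n "$opt" ] || continue
        # Only an exact "OPTION=y" line counts; "# OPTION is not set" or an
        # absent line both mean the mitigation is not built in.
        if printf '%s\n' "$cfg" | grep -qx "${opt}=y"; then
            echo "enabled $opt ($class)"
        else
            echo "MISSING $opt ($class)"
            missing=1
        fi
    done <<EOF
CONFIG_RANDOMIZE_BASE kernel-address-randomization
CONFIG_STRICT_KERNEL_RWX code-and-data-protection
CONFIG_SLAB_FREELIST_RANDOM heap-hardening
CONFIG_SLAB_FREELIST_HARDENED heap-hardening
EOF
    return $missing
}

# Constructed sample config (not taken from any real device).
SAMPLE_CONFIG='CONFIG_RANDOMIZE_BASE=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_SLAB_FREELIST_RANDOM=y
# CONFIG_SLAB_FREELIST_HARDENED is not set'

printf '%s\n' "$SAMPLE_CONFIG" | audit_kconfig || echo "one or more mitigations disabled"
```

On a device that exposes its config, the same function can be fed with `zcat /proc/config.gz | audit_kconfig`. A build option being set does not prove the mitigation is active at runtime, since boot parameters can disable some of them.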