Conference:  Defcon 31
Authors: Dennis Giese
2023-08-01

Exactly 5 years ago we were presenting ways to hack and root vacuum robots. Since then, many things have changed. Back then we were looking into ways to use the robots' "dumb" sensors to spy on the user (e.g. by using the ultrasonic sensor). But all our predictions were exceeded by the reality: today's robots bring multiple cameras and microphones with them. AI is used to detect objects and rooms. But can it be trusted? Where will pictures of your cat end up? In this talk we will look at the security and privacy of current devices. We will show that their flaws pose a huge privacy risk and that certification of devices cannot be trusted. Not to worry, though - we will also show you how to protect yourself (and your data) from your robot friends. You will learn how you can get root access to current flagship models of 4 different vendors. Come with us on a journey of having fun hacking interesting devices while preventing them from breaching your privacy. We will also discuss the risks of used devices, for both old and new users. Finally, we will talk about the challenges of documenting vacuum robots and developing custom software for them. While our primary goal is to disconnect the robots from the cloud, it is also for users to repair their devices - pwning to own in a wholesome way.
Conference:  Black Hat Asia 2023
Authors: Yong Wang
2023-05-11

Pixel 6 is the first phone to rock the new Tensor chip, fully designed and developed by Google. Shipping with Linux kernel 5.10, there are many new changes and challenges for rooting. However, there is little change in the attack surfaces. In this talk, I will first review an old and public vulnerability exploited in the wild, and detail how to create the PoC step by step. Even without Variable Analysis, you can find another similar issue and create a new PoC in less than 10 minutes. The same PoC implicitly triggers another Use-After-Free vulnerability without the kernel panic. Before diving into how to exploit those two bugs, I will briefly discuss the changes and challenges for rooting Android 12/13 devices. Then, I will respectively detail how to exploit those two vulnerabilities, bypass the general mitigations (KASLR, UAO, PAN, etc.), and root Pixel 6 from Android 12 to Android 13 with a 100% success rate. During the presentation, I will give the exploit demo of rooting Pixel 6. In summary, the vulnerabilities and the ideas of exploitation have not been thoroughly presented in any previous talks.