Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip

The presentation discusses the use of fuzzing to discover vulnerabilities in the Titan M chip and the importance of implementing strong security measures.

• The Titan M chip is used to mitigate side channel attacks and communicates with Android through hardware buses.
• Black box fuzzing and emulation-based fuzzing are effective methods for discovering vulnerabilities in the chip.
• A critical zero-day vulnerability was discovered and used to leak strongbox keys.
• Implementing strong security measures, such as user authentication, can mitigate vulnerabilities.
• Updating the VMware is the best mitigation for the discovered vulnerability.

The researchers were able to interact with the chip from the hardware level by solving the ratio of the 64 pins of the chip onto a breaker board and then back to the footprint on the smartphone. This allowed them to discover vulnerabilities and execute code on the chip.

The Titan M chip was introduced by Google in their Pixel 3 devices, and in a previous study, we analyzed this chip and presented its internals and protections. Based on this acquired background, in this new talk we will focus on how we performed software vulnerability research on such a constrained target, despite the limited information available. We will dive into how our black-box fuzzer works and its associated limitations. We then show how emulation-based solutions manage to outperform hardware-bound approaches. By combining a coverage-guided fuzzer (AFL++), an emulator (Unicorn) and some optimizations tailored for this target, we managed to find an interesting vulnerability, which was only allowing to set a single byte to 1, with several constraints on the offset. Despite looking hard to exploit, we present how we managed to obtain code execution from it, and leaked the secrets contained in the secure module.This talk is the tale of how we mixed together various known techniques and open source tools, against such a mysterious chip, with almost no debugging support. Often relying only on return codes to develop our tools and exploits, we hope to offer interesting insights for other security researchers studying similar targets.