Articles with tag: Android
POSTED BY: Aris Thallas / 08.10.2020

Samsung Hypervisor (RKP) arbitrary zero write

CENSUS ID: CENSUS-2020-0002
CVE ID: CVE-2019-19273
Samsung ID: SVE-2019-16265 (Look for SVE-2019-16265)
Affected Products: Samsung mobile devices running Android O (8.0) and P (9.0) with Exynos 8895 chipset (tested on S8 and Note8 firmware)
Class: "Write What Where" Condition where "What" is always zero (CWE-123)
Discovered by: Aristeidis Thallas

CENSUS identified a bug in RKP, the Samsung EL2 Hypervisor implementation. The bug allows a 64-bit zero value to be written to an arbitrary memory address. Triggering the bug requires code execution in the context of the EL1 kernel. The bug was verified on the Samsung S8 and Note8 devices and was fixed by Samsung in the "SMR February-2020 Release 1". The bug may allow an adversary with kernel execution access to circumvent established security controls through the corruption of device memory. Users are urged to follow the latest security updates offered by Samsung for their mobile devices.


POSTED BY: Aris Thallas / 22.07.2020

Emulating Hypervisors: a Samsung RKP case study (OffensiveCon 2020)

Hello, I'm Aris Thallas, a computer security researcher working at CENSUS. Back in February 2020 I had the pleasure of presenting my work on proprietary hypervisor emulation and bug discovery at the OffensiveCon 2020 conference.


POSTED BY: Dimitrios Tatsis / 26.08.2019

Attacking Hexagon: Security Analysis of Qualcomm's aDSP (RECON MONTREAL 2019)

Attending Recon 2019 was an amazing experience with many interesting talks. I would like to thank the organizers for the excellent event and I definitely hope to return next year.


POSTED BY: CENSUS / 27.06.2019

RECON MONTREAL 2019

CENSUS will be participating in the RECON MONTREAL 2019 conference with a presentation by security researcher Dimitrios Tatsis entitled "Attacking Hexagon: Security Analysis of Qualcomm's aDSP".