Attack on Titan M: Vulnerability Research on a Modern Security Chip

The Titan M chip was introduced by Google in their Pixel 3 devices, improving their security by adding a specialized module that implements some hardware-backed APIs, and acts as a Root of Trust. In a previous study, we analyzed this chip and presented how it works, its internals and protections. Based on this acquired background, in this new talk we will focus on how we performed software vulnerability research on such a constrained target.

We will dive into how our black-box fuzzer works and its associated limitations. We then show how emulation-based solutions manage to outperform hardware-bound approaches. By combining a coverage-guided fuzzer (AFL++), an emulator (Unicorn) and some optimizations tailored for this target, we managed to find an interesting vulnerability, which was only allowing to set a single byte to 1, with several constraints on the offset. Despite looking hard to exploit, we present how we managed to obtain code execution from it, and leak the secrets contained in the secure module.

This talk is the tale of how we mixed together various known techniques and open source tools, against such a mysterious chip, with almost no debugging support. Often relying only on return codes to develop our tools and exploits, we hope to offer interesting insights for other security researchers studying similar targets.

Talk outline

Brief intro on Titan M

  • Why it was introduced
  • What it provides
  • What we know so far, focused on software side
  • How to communicate with the chip

How to do vulnerability research on such a target

  • Black-box fuzzing
  • Emulation-based fuzzing

How all this comes together: 0-day vulnerability + exploitation.

  • Description of the vulnerability
  • Triggering it
  • Debugging an exploit, with no feedback from the device

Conclusion

  • Impact & results of the vulnerability
  • Wrap-up on tools used and takeaways

About the Speakers