As more and more mitigations have been introduced into Android, modern Android devices have become much more difficult to root, and in particular to root remotely. This is especially true for Pixel devices, as they always have the latest updates and mitigations. In this presentation, we will explain why Pixel devices are difficult targets and give an attack surface analysis of remotely compromising Android. Furthermore, we will introduce an exploit chain, named TiYunZong, which can be leveraged to remotely root a wide range of Qualcomm-based Android devices, including Pixel devices. The exploit chain includes three new bugs: CVE-2019-5870, CVE-2019-5877, and CVE-2019-10567.
By Guang Gong
Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefings/schedule/#tiyunzong-an-exploit-chain-to-remotely-root-modern-android-devices—pwn-android-phones-from—to—20381