Android runs sensitive applications in the so-called "secure world". These trusted applications (TAs) handle sensitive operations such as authentication, key management, or DRM. As they interact with regular Android applications from the normal world, vulnerabilities in these applications compromise the secure world and give adversaries access to privileged data. Our …
Other articles
The AIpocalypse or how LLM-based exploitation is the new normal
In the last 3-4 months, AI models have made an immense jump in exploitation capabilities. Several talks and blog posts highlight the "new" capabilities of frontier AI models. The agents have learned from countless CTF writeups, research papers on exploitation techniques, and conference talks/demonstrations on how to automate diverse …
Sysyphuzz: the pressure for more coverage
Fuzzing faces a key challenge: after running for an extended time, coverage plateaus and no longer increases despite extensive mutation. Only new seed inputs or new mutation operators are likely to change that. We have observed that Syzbot fuzzing of the Linux kernel has essentially plateaued due to Google's multi-year …
39c3: Master reset in Hamburg
Another year, another CCC. As every year, I went to Hamburg to appreciate all galactic life forms in their diverse multi-dimensional environment. My goals this year were the usual meet-ups with friends I haven't seen in a long time, getting inspired for new research directions, catching some talks …
Not To Be Trusted - A Fiasco in Android TEEs
Android has become a diverse, multi-faceted, and complex ecosystem. In our research, we came across a Xiaomi Redmi Note 11S and wanted to get root. This is our journey from unprivileged user-land to the most secure layer of Android through a chain of three (or four) bugs as presented at …
AISec and the exploration of the Chinese soul
Just a few weeks ago, Chao Zhang invited me to a workshop on AI security at Tsinghua University in Beijing. Chao and I overlapped as postdocs in Dawn Song's BitBlaze group at UC Berkeley, and we're both deeply interested in low-level systems security, binary analysis, fuzzing, and mitigation …
Droidot: Vulnerable Native Libraries on Android
Android is a complex platform with diverse, concurrently running services. In user space, the assumption is that each app is isolated from all others running on top of the rich Android runtime system. Unfortunately, the available system libraries are heavily limited, and Android apps therefore often ship their own native libraries. These libraries …
NASS: Fuzzing Native Android System Services
Android is a complex platform with diverse, concurrently running services. In the past, we focused on privileged components such as fuzzing the secure monitor with EL3XIR, targeting trusted applications, or even surveying the use of rollback counters in trusted applications.

As more and more components get secured and hardened, we …
SuRI'25 on Security, Systems, and Formal Methods
The Summer Research Institute (SuRI) is a premier venue to discuss recent research results. Each year we invite the top faculty in a given topic to present their research in front of an interested crowd of students, faculty, researchers, fellows from EPFL, the Vaud area, Switzerland, and abroad.
This year …