Can you get root with only a cigarette lighter? (2024)
3 days ago
- #fault-injection
- #hardware-exploitation
- #linux-security
- Fault injection can be used to exploit hardware vulnerabilities, including electromagnetic fault injection (EMFI) with low-cost tools like a piezo-electric BBQ igniter.
- A practical demonstration involved exploiting a Samsung S3520 laptop's DDR bus to induce memory errors using a simple setup with a resistor and wire.
- The exploit strategy involved flipping specific bits in memory to manipulate CPython objects, leading to a sandbox escape and arbitrary memory read/write capabilities.
- A more advanced exploit targeted Linux's virtual memory system, using bit-flips to gain root access by manipulating page tables and the Translation Lookaside Buffer (TLB).
- The exploit was demonstrated by replacing the first page of the /usr/bin/su executable with a custom ELF program that spawns a root shell.
- Potential applications include bypassing anti-cheat software on PCs or SafetyNet/Play Integrity checks on Android devices.
- Open questions remain about the exploit's effectiveness on newer memory technologies (DDR4, DDR5), ARM architectures, and ECC mitigation strategies.
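The last two points meet in ECC: whether a single induced bit-flip reaches a page table at all depends on whether the DIMM corrects it first. The following SECDED Hamming code over a 64-bit word is an added illustration (not code from the original post) of what ECC memory does with an injected flip: one flipped bit is corrected, two are detected but not corrected. The 72-bit layout and the sample word are constructed for the example.

```python
# Toy SECDED (single-error-correct, double-error-detect) Hamming code over a
# 64-bit word. Constructed illustration of ECC behaviour, not the post's code.
DATA_BITS = 64
PARITY_BITS = 7                       # 2**7 >= 64 + 7 + 1
CODE_LEN = DATA_BITS + PARITY_BITS    # Hamming positions 1..71; position 0 = overall parity
DATA_POS = [pos for pos in range(1, CODE_LEN + 1) if pos & (pos - 1)]  # non-power-of-2 slots

def encode(word: int) -> list:
    """Return the 72-bit codeword as a list of bits, index = Hamming position."""
    assert 0 <= word < (1 << DATA_BITS)
    bits = [0] * (CODE_LEN + 1)
    for d, pos in enumerate(DATA_POS):
        bits[pos] = (word >> d) & 1
    for p in range(PARITY_BITS):          # check bit 2**p covers every position with that bit set
        mask = 1 << p
        bits[mask] = sum(bits[i] for i in range(1, CODE_LEN + 1) if i & mask) & 1
    bits[0] = sum(bits) & 1               # overall parity tells one flip from two
    return bits

def _extract(bits: list) -> int:
    return sum(bits[pos] << d for d, pos in enumerate(DATA_POS))

def decode(bits: list):
    """Return (word, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    bits = list(bits)
    syndrome = 0
    for p in range(PARITY_BITS):
        mask = 1 << p
        if sum(bits[i] for i in range(1, CODE_LEN + 1) if i & mask) & 1:
            syndrome |= mask              # syndrome == position of a single flipped bit
    overall_odd = sum(bits) & 1
    if syndrome and not overall_odd:      # even flip count but non-zero syndrome: two errors
        return _extract(bits), "uncorrectable"
    if syndrome or overall_odd:
        bits[syndrome] ^= 1               # syndrome 0 with odd parity means bit 0 itself flipped
        return _extract(bits), "corrected"
    return _extract(bits), "ok"

def flip(bits: list, positions) -> list:
    """Simulate fault-injected bit-flips at the given codeword positions."""
    out = list(bits)
    for pos in positions:
        out[pos] ^= 1
    return out
```

Real DDR4/DDR5 ECC uses wider and stronger codes, but the single-correct/double-detect boundary shown here is the same one a fault-injection setup has to cross.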