Google recently announced patches for several high- and moderate-severity Chromecast vulnerabilities that were exploited earlier this year at a hacking competition.
Google informed customers about the fixes for the Chromecast flaws last week, when it announced the Android security updates for December.
The tech giant told users that the latest update for its streaming device addresses a total of three vulnerabilities affecting AMLogic chips, specifically the U-Boot subcomponent, a one issue in KeyChain, specifically in the System component.
The vulnerabilities were presented in July at the HardPwn USA 2023 hardware hacking competition that took place alongside the Hardwear.io conference in California.
Google, Meta and Parrot products were targeted at the event.
Researchers earned between a few hundred dollars and tens of thousands of dollars for their Chromecast exploits at the event.
Google has credited Nolen Johnson of DirectDefense, Jan Altensen, and Ray Volpe for finding CVE-2023-6181 and CVE-2023-48425; Lennert Wouters, rqu, and Thomas Roth for CVE-2023-48424; and Rocco Calvi and SickCodes for CVE-2023-48417.
DirectDefense last week published a blog post detailing the full Secure Boot exploit chain developed by Johnson, Altensen and Volpe, who have decided not to disclose the exact bug bounty amount.
Their exploit cannot be leveraged directly for remote code execution, but it can aid an attacker in obtaining persistent code execution without the victim's knowledge.
The researchers described three attack vectors, including eMMC fault injection, which allows access to a U-Boot shell but requires advanced hardware hacking, an Android Verified Boot bypass, and a Bootloader Control Block persistence method, which enables a permanent bypass of Secure Boot.
Meaning that once you perform the eMMC fault inject once, the device can be persistently hacked without user knowledge.
TecR0c and Sick Codes told SecurityWeek that their KeyChain exploit earned them only $500, but noted that their research also unveiled some Android vulnerabilities that are currently being reviewed by Google.
Wouters, rqu, and Roth said their Chromecast exploit earned them a total of more than $68,000.
This Cyber News was published on packetstormsecurity.com. Publication date: Mon, 11 Dec 2023 15:43:04 +0000