TiYunZong: An Exploit Chain to Remotely Root Modern Android Devices
As more and more mitigations have been introduced into Android, it has become much harder to root modern Android devices, and remote rooting in particular. This is especially true for Pixel devices, which always carry the latest updates and mitigations. In this paper we explain why Pixel devices are challenging targets and give an attack surface analysis of remotely compromising Android. We then introduce an exploit chain, code-named TiYunZong, which can be leveraged to remotely root a wide range of Qualcomm-based Android devices, including Pixel devices. The chain relies on three bugs: CVE-2019-5870, CVE-2019-5877 and CVE-2019-10567. We also present an effective and stable approach to chaining these three vulnerabilities for exploitation without any ROP, even though ROP is the most common technique for exploiting complicated vulnerabilities. The exploit chain is the first reported one-click remote root exploit chain on Pixel devices and won the highest reward for a single exploit chain across all Google VRP programs.