Abstract :

This talk is a detailed technical analysis of a Samsung 0-day exploit chain used in-the-wild. The chain used 3 0-day vulnerabilities. In the talk, I will explain each vulnerability, how it was used and exploited in the chain, how it was fixed, and show a demo. Neither the vulnerabilities nor the exploit chain have been previously shared publicly. Most in-the-wild exploit chains that have been presented in the past have followed the path of browser bugs to a privilege escalation. This novel chain instead uses bugs in the clipboard service and logging before exploiting a bug in the GPU to achieve root access.

The talk makes the information as accessible as possible, even for attendees without a background in vulnerability research and exploitation. The information though is novel and still highly technical so it will also still be interesting for experienced exploit developers.

Speaker: Maddie Stone

"I have experience in presenting on highly technical bugs and exploits in an engaging and accessible way. I study 0-days exploited in-the-wild and think this chain offers techniques and methods not previously seen in other exploit chains that have been presented on publicly".