Impalabs

And if you would like to know more about Huawei's TrustZone implementation and its architecture, you can have a look at our Hexacon talk from 2022: 📺youtube.com/watch?v=LxoHSr… 📄github.com/Impalabs/confe…

All the advisories, including those for the other trusted applications, can be found on our blog: ⚠️ #advisories" target="_blank" rel="nofollow noopener">blog.impalabs.com/#advisories

After a bit of delay, we're finally releasing advisories for 139 vulnerabilities we found in 23 trustlets used on Huawei mobile devices. Some of them can be exploited to access the Secure World and retrieve sensitive data. 🧵 A thread of our most interesting findings

Our latest advisory is about a logic bug in Parallels Desktop that can be used to escape from VMs. It stems from a directory traversal and an incorrect use of Qt's strings resulting in unexpected behavior. 📝 blog.impalabs.com/2303_advisory_… 🗃️ github.com/Impalabs/CVE-2…

Our newest advisory is about the Secure Monitor, a component of Huawei's TrustZone. It details 3 vulnerabilities (CVE-2021-39994, CVE-2021-22437, CVE-2021-39993) that we exploited to execute code at EL3, the highest privilege level of Android devices. blog.impalabs.com/2212_advisory_…

Who watches the watchmen? With our latest blogpost and advisory, dive deep into the security hypervisor that protects the Android kernel of Huawei devices, and learn about the vulnerability we exploited to compromise it. 📝 blog.impalabs.com/2212_huawei-se… ⚠️ blog.impalabs.com/2212_advisory_…

Today we are releasing Hyperpom, a fuzzing framework for ARM64 binaries based on the Apple Silicon hypervisor. Check out our latest blogpost, as well as our GitHub repo, to learn more about the project and its internals. 📙 blog.impalabs.com/2211_hyperpom.… 🗃️ github.com/impalabs/hyper…

If you've missed our talk at @hexacon_fr, the recording of “Hara-Kirin: Dissecting Huawei Mobile Devices” is now available! Come with us for a guided tour of Huawei's Hypervisor and TrustZone, and learn about the cool bugs we discovered along the way. youtu.be/LxoHSrrGaNA

Here are the slides of our @hexacon_fr talk about breaking the privileged components of Huawei's mobile devices. Thanks to everyone who attended, we hoped you liked it, and stay tuned for the upcoming blog posts! github.com/Impalabs/confe…

📱 Hara-Kirin: Dissecting the privileged components of Huawei mobile devices by Maxime Peterlin (@lyte__) and Alexandre Adamski (@NeatMonster_)

Here is a follow-up blogpost detailing how we attacked Samsung RKP. We reveal 3 vulnerabilities we have used to compromise the security hypervisor and its assurances. We also explain our exploitation paths and look at the patches released by Samsung. blog.impalabs.com/2111_attacking…

Here's a short follow-up to our presentation on exploiting Samsung's Neural Processing Unit. This blogpost explains how we got control of the NPU, before using it as a foothold to attack the Android kernel. blog.impalabs.com/2110_exploitin…

Here are the slides for the presentation we gave at #barbhack21 about reversing and exploiting Samsung's NPU. Thanks a lot to everyone at @_barbhack_ for such a cool event and we hope to see you guys next year! raw.githubusercontent.com/Impalabs/confe…

Our security research blog is live! Stay tuned for our upcoming articles about reverse engineering, vulnerability research and exploit development. blog.impalabs.com