3 matches found
Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection
Posted by Gal Beniamini, Project Zero Traditionally, the operating system’s kernel is the last security boundary standing between an attacker and full control over a target system. As such, additional care must be taken in order to ensure the integrity of the kernel. First, when a system boots, t...
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Exploit
Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=980 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the HLOS...
Google Android - RKP EL1 Code Loading Bypass
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=981 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the HLOS kernel running in EL1 remains protected from exploit...