Attacking Gogole's Titan M chip with only one byte
blog.quarkslab.com/attacking-tita
Conversation
the 75k$ seem to quite cheap for google considering the graveness of the bug (stealing keys)...
2
1
It likely only impacts older generation Pixels. Their research was done against a Pixel 3 which has been end-of-life since after October 2021. It almost certainly also impacted the Pixel 3a which has been end-of-life since after May 2022. Unclear which other Pixels it impacts.
1
Titan M2 in 6th generation Pixels is close to a clean break from the previous generations. It's likely not impacted. May impact 4th and 5th generation Pixels but they did make incremental changes to the Titan M on those. They see an issue only impacting older devices differently.
In the timeline, you can see they seemed unable to replicate it on a Pixel 5. Pixel 3 was already end-of-life at that point. Pixel 3a was still supported but only had a few months left before end-of-life. If it only impacted 3rd gen, there's the reason for the bounty amount.
1
If it was reported a few months later, they wouldn't have considered it a valid issue unless it impacted 4th or 5th generation Pixels too. It's just how it works: the bounties are for their supported products, and 6th gen Pixels are the first ones with 5 years instead of 3 years.
1
Show replies