Attacking Gogole's Titan M chip with only one byte
blog.quarkslab.com/attacking-tita
Conversation
the 75k$ seem to quite cheap for google considering the graveness of the bug (stealing keys)...
2
1
It likely only impacts older generation Pixels. Their research was done against a Pixel 3 which has been end-of-life since after October 2021. It almost certainly also impacted the Pixel 3a which has been end-of-life since after May 2022. Unclear which other Pixels it impacts.
1
Titan M2 in 6th generation Pixels is close to a clean break from the previous generations. It's likely not impacted. May impact 4th and 5th generation Pixels but they did make incremental changes to the Titan M on those. They see an issue only impacting older devices differently.
1
1
In the timeline, you can see they seemed unable to replicate it on a Pixel 5. Pixel 3 was already end-of-life at that point. Pixel 3a was still supported but only had a few months left before end-of-life. If it only impacted 3rd gen, there's the reason for the bounty amount.
If it was reported a few months later, they wouldn't have considered it a valid issue unless it impacted 4th or 5th generation Pixels too. It's just how it works: the bounties are for their supported products, and 6th gen Pixels are the first ones with 5 years instead of 3 years.
1
This issue actually impacts all the Pixels, from Pixel 3 up to Pixel 5. We only exploited Pixel 3 and 3a (which was not end of life at the time) because these were the devices we had in our hands. But it is true that we did not tried to reproduce this issue on any Titan M2.
2
Show replies