Time Table

Last year, we discovered the first known security vulnerability in Google’s proprietary NPU (Neural Processing Unit) processor used in the Pixel 8. Google patched the issue earlier this year. This NPU is undocumented and had never been publicly analyzed before, presenting a significant challenge to reverse engineering and exploitation.

Although our initial attempts to emulate the processor were unsuccessful, we persisted by using dynamic instrumentation techniques and other tricks to gain insight into its behavior. Through this effort, we uncovered a critical bug that allowed us to achieve full kernel code execution and bypass all mitigations on the Pixel 8 including MTE.

To build a complete exploit chain, we also identified and chained two additional vulnerabilities, enabling exploitation from a less privileged context. Our research demonstrates a deep exploration into a previously opaque component, and reveals new attack surfaces in modern Android hardware.