CODE BLUE 2025

Dancing with Exynos Coprocessor: Pwning Samsung for fun and “profit”

DAY 1

10:50-11:30

Over the past year, we identified and reported 13 security vulnerabilities (CVEs) in Samsung’s Exynos SoC, primarily affecting the NPU and GPU subsystems. These bugs—many of which were exploitable—have since been patched by Samsung as of June 2025. In this talk, we focus on the Exynos NPU: we’ll walk through recurring bug patterns, analyze the exposed attack surface, and explore why these coprocessors remain an attractive target. We will then dive into the exploitation side—demonstrating how some of these vulnerabilities can be leveraged to gain arbitrary read/write (AARW) on devices like the Galaxy A35, A55, and S24+. Beyond that, we’ll show how to chain primitives to bypass the hypervisor and escalate to full kernel code execution. The session also reflects on our experience collaborating with Samsung’s product security team, and offers an honest perspective on working through the ISVP, including incentives, technical feedback, and timelines.

  • Location: Track 1 (HALL B)

  • Category: Technical

Speakers

  • Bing-Jhong Jheng

    Bing-Jhong Jheng is a principal researcher at STAR LABS, focusing on Linux, VM and mobile security. He has spoken at HITCON, DEFCON, OffbyOne and POC 2024.

  • Muhammad Ramdhan

    Muhammad Alifa Ramdhan (aka Ramdhan) is a principal researcher at STAR LABS, focusing on Linux kernel, VM and mobile security. He has spoken at DEFCON 30 and HITCON 2021.

  • Pan ZhenPeng

    Pan Zhenpeng is a principal researcher at STAR LABS SG, focusing on mobile (iOS/Android) and web security. He has spoken at Zer0Con, POC{2022, 2024}, OffensiveCon, 0x41Con, Offbyone, HITCON and HITB Armory.