Dancing with Exynos Coprocessor: Pwning Samsung for fun and “profit”
DAY 1, 10:50-11:30
Over the past year, we identified and reported 13 security vulnerabilities (CVEs) in Samsung’s Exynos SoC, primarily affecting the NPU and GPU subsystems. These bugs—many of which were exploitable—have since been patched by Samsung as of June 2025. In this talk, we focus on the Exynos NPU: we’ll walk through recurring bug patterns, analyze the exposed attack surface, and explore why these coprocessors remain an attractive target. We will then dive into the exploitation side—demonstrating how some of these vulnerabilities can be leveraged to gain arbitrary read/write (AARW) on devices like the Galaxy A35, A55, and S24+. Beyond that, we’ll show how to chain primitives to bypass the hypervisor and escalate to full kernel code execution. The session also reflects on our experience collaborating with Samsung’s product security team, and offers an honest perspective on working through the ISVP, including incentives, technical feedback, and timelines.
Location: Track 1 (HALL B)
Category: Technical
Speakers
Bing Jhong Jheng
ビン・ジョン・ジェン
Jheng Bing Jhong is a principal researcher at STAR LABS, focusing on Linux, VM and mobile security. He has spoken at HITCON, DEFCON, OffbyOne and POC 2024.
Muhammad Ramdhan aka Ramdhan
ムハンマド・ラムダン(aka Ramdhan)
Muhammad Alifa Ramdhan is a principal researcher at STAR LABS, focusing on Linux kernel, VM and mobile security. He has spoken at DEFCON 30 and HITCON 2021.
ZhenPeng Pan aka Peterpan0927
ゼンペン・パン(aka Peterpan0927)
Pan Zhenpeng is a principal researcher at STAR LABS SG, focusing on mobile (iOS/Android) and web security. He has spoken at Zer0Con, POC{2022, 2024}, OffensiveCon, 0x41Con, Offbyone, HITCON and HITB Armory.