Elise Amber Katze
Security researcher cats with a love for breaking embedded devices. Worked in the past on Nintendo Switch hacking and also held a talk on that at GPN21.
Session
12-29
14:45
60min
Making the Magic Leap past NVIDIA's secure bootchain and breaking some Tesla Autopilots along the way
Elise Amber Katze
The Tegra X2 is an SoC used in devices such as the Magic Leap One, and Tesla's Autopilot 2 & 2.5 promising a secure bootchain. But how secure really is the secure boot? In this talk I go over how I went from a secured Magic Leap One headset, to exploiting the bootloader over USB, to doing fault injection to dump the BootROM, to finding and exploiting an unpatchable vulnerability in the BootROM's USB recovery mode affecting all Tegra X2s.
Security
Zero