Earliest start date: February 2023

Wireless interfaces are an attack surface for zero-click remote code execution vulnerabilities. Typically, an attacker would try to find a parsing issue within a wireless chip or in a low-level wireless stack component within the operating system, and then escalate further. It is therefore important to research these interfaces.

Android is available for many platforms with different hardware. Vendors add custom hardware adaptation layers for compatibility with Android. However, these interfacing layers are vendor-specific and proprietary. Detailed knowledge about interfaces between components enables security research [1] and building tooling to customize wireless chips and stacks [2, 3]. Due to the proprietary nature of these interfaces, many of them remain undocumented. We have a couple of yet-to-be-researched wireless interfaces, as well as researched interfaces that would benefit from better tooling.

We offer experience within the Google ecosystem as well as with OEMs (Samsung, etc.), including reverse-engineering tips for firmware and user-space daemons. Additionally, because we have supervised a lot of theses in this area, we have a collection of example theses on how to reverse engineer and fuzz such interfaces. We also have rooted, up-to-date Android smartphones. For your own safety and security, these are designated research devices and not meant for private usage. When researching a new interface, it is common to uncover new vulnerabilities, which you will report through Google's vulnerability reward program or the OEM's program, and you might be awarded a bug bounty. We also encourage and financially support you in presenting your results at a scientific or security conference.

Please contact us for more details and to choose a task that suits a thesis. A B.Sc. thesis would usually advance tooling for something previously reverse engineered (see [1]), and an M.Sc. thesis is about reverse-engineering an interface and developing tools (see [2]). The precise topic will be tailored to your previous experience. It is recommended to have a reverse-engineering background, e.g., previous participation in CTFs. Depending on the topic, either a strong programming background is required (developing an open-source tool for an Android interface) or a good understanding of software/hardware security is mandatory (fuzzing a protocol, implementing a firmware attack, …).

We are currently getting many requests for this topic area. Please only contact us if you plan to start your thesis by February 2023 or later, or if you have sufficient background knowledge to work on a topic on your own (e.g., are already familiar with Android hacking and don't need an introduction).

[1] ARIstoteles: iOS Baseband Interface Protocol Analysis

[2] InternalBlue - A Bluetooth Experimentation Framework Based on Mobile Device Reverse Engineering

[3] Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications