The 2021 Pwnie Winner For Best Client-Side Bug

Exploiting Samsung Secure Chip (CVE-2020-28341)

Researcher Names: Gunnar Alendal


One chip stack-based buffer overflow to rule them all. Samsung Galaxy S20 got a secure chip hacked by a single dude, completely killing the chip security and exposing all its code and secrets. The exploit can write persistent changes to the firmware and completely ruin the future trust in this CC EAL 5+ certified chip.

Against a black box chip, no less, this discovery is exploited through the front door, aka the logical interface. The vulnerability can also be used to brute force the screen lock. Devastating for Samsung security.