After an in-depth analysis of the NPU OS and its interaction with the Android kernel, this second part gives a more offensive outlook on this component. We will go through the main attack vectors to target it and detail two vulnerabilities that can be chained together to get code execution in the NPU from the NPU driver before pivoting back into the kernel.
This article is the second part of a series about reversing and exploiting Samsung’s Neural Processing Unit. NPUs are generally used to provide dedicated computing power for machine learning and AI-related algorithms. While it could make for an interesting article, if you’ve read the first part, you know that our primary interest is rather the underlying custom OS Samsung has implemented for its NPU.
Part 1 focused on reverse engineering almost exhaustively what could be considered the kernel of the NPU OS, i.e. all the subsystems related to memory allocation, task scheduling, event handling, etc. While reading it is encouraged to understand this second part, it’s not a prerequisite. We will try to provide the necessary context along the way so that you can still follow easily.
In this second part, we will detail two vulnerabilities that were identified while reverse-engineering the NPU OS. We will also explain how an exploit can be constructed to trigger a buffer overflow in the Android kernel from a user able to access the NPU driver.