TrustZone Downgrade Attack Opens Android Devices to Old Vulnerabilities

LASER_oneXM

An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system.

According to a team of four computer scientists from the Florida State University and Baidu X-Lab, the problem lies in the design of the ARM TrustZone technology, widely deployed with the vast majority of today's Android devices.

Attack exploits TrustZone design flaw
The ARM TrustZone technology is a System on Chip (SoC) representing a secure area of the main processor included in Android smartphones.

It is a special section of the Android kernel that runs its own operating system — the TrustZone OS — that works separately from the main Android OS.

TrustZone is tasked with creating a secure zone where the Android OS can run the most crucial and sensitive operations, like the ones that handle encrypted data. These operations run as special apps — named trustlets — inside the TrustZone OS.

When TrustZone OS loads a trustlet, it first checks its cryptographic digital signature to see if it is signed by the right party. This integrity check aims at removing the risk of loading tampered trustlets.

Attack successful against most of today's smartphones
The research team proved their attack in tests on devices running the ARM TrustZone technology, such as Samsung Galaxy S7, Huawei Mate 9, Google Nexus 5, and Google Nexus 6.

They replaced updated versions of the Widevine trustlet with an older version that was vulnerable to CVE-2015-6639, a vulnerability in Android's Qualcomm Secure Execution Environment (QSEE) — Qualcomm's name for its ARM TrustZone version that runs on Qualcomm chips. This vulnerability allows attackers root level access to the TrustZone OS, which indirectly grants the attacker control over the entire phone.

"As tested, this threat exists in almost all the Android devices on the current market, including Samsung Galaxy S7, Google Pixel, Google Nexus, Huawei Mate 9 (Pro), and their older versions and series," Yue says. "Affected devices also include other smaller phone vendors."

Vulnerability reported and patched
"We have already reported this vulnerability to the affected mobile vendors, and they have integrated patches in their latest updates, as well as fixes for newer device versions," Yue told Bleeping via email.

"To prevent being exploited, it is important for end users to timely update their devices to the latest versions, and apply any available security patches," Yue added.
 
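The article says the TrustZone OS verifies a trustlet's signature before loading it, yet an older signed version can still be swapped in. The Python sketch below is an added example, not code from the researchers or any vendor; it contrasts a signature-only loader with one that also enforces a minimum version. The header layout, key, function names and the use of HMAC as a stand-in for the real signature scheme are all assumptions.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for the vendor key. Real trustlets carry an asymmetric
# signature; HMAC-SHA256 is used here only so the example runs offline.
VENDOR_KEY = b"constructed-demo-key"
HEADER = struct.Struct(">16sI")  # hypothetical image header: name, version

def sign_trustlet(name, version, code):
    """Build header || code || 32-byte tag over header and code."""
    body = HEADER.pack(name, version) + code
    return body + hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()

def parse_verified(image):
    """Return (name, version) if the tag verifies, else raise ValueError."""
    if len(image) < HEADER.size + 32:
        raise ValueError("image too short")
    body, tag = image[:-32], image[-32:]
    expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    name, version = HEADER.unpack_from(body)
    return name.rstrip(b"\0"), version

def load_signature_only(image):
    """Loader that checks authenticity only, so any signed build is accepted."""
    return parse_verified(image)[1]

class RollbackGuard:
    """Loader that also enforces a per-trustlet version floor, modelling a
    counter in rollback-protected storage (an assumption of this example)."""

    def __init__(self):
        self.min_versions = {}

    def load(self, image):
        name, version = parse_verified(image)
        floor = self.min_versions.get(name, 0)
        if version < floor:
            raise PermissionError(f"{name!r} v{version} is below floor v{floor}")
        self.min_versions[name] = version  # the floor only moves forward
        return version

# Constructed sample images: an old build and its patched successor.
OLD = sign_trustlet(b"widevine", 1, b"old code")
NEW = sign_trustlet(b"widevine", 2, b"patched code")
```

Both images pass the signature check, which is why the signature-only loader accepts the old build; only the version floor distinguishes them.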
