Attacking Your Trusted Core: Exploiting Trustzone on Android

Black Hat USA 2015

Presented by: Di Shen
Date: Thursday August 06, 2015
Time: 09:00 - 09:25
Location: Mandalay Bay EF

For years fingerprint scanning has been supported in many Android devices. Fingerprint scanning on ARM always needs an implementation of TrustZone. While we enjoy unlocking devices and paying by fingerprint, we also figure out these new features bring out some new attack surfaces. Attacking the kernel of Android or the secure world of TrustZone may be not impossible.

Theoretically, devices developed with TrustZone technology can support a full Trusted Execution Environment (TEE). TEE runs in a special CPU mode called secure mode, so memory for secure mode and security functions can be hidden to the normal world. In this way, Android vendors can provide many secure features such as fingerprint scanning, DRM, kernel protection, secure boot, and so on.Even though TrustZone is designed for solving security problems, there may be some security issues inside when a developer implements a TEE for Android. The Huawei Hisilicon Kirin 925 processor is the new chip being used on the Huawei Ascend Mate 7, and Hisilicon implemented its own TEE software. There are few documents about it. I found some vulnerabilities both in a normal Android world and the secure world while analyzing Hisilicon's TEE OS.In this talk, I'll show how to analyze the TEE architecture of Huawei Hisilicon and find some new vulnerabilities in such an undocumented black hole. Then, I'll talk about exploit development in TrustZone. I exploited two bugs, one for rooting Androids normal world and disabling the newest SE for Android, the other for running shellcode in secure world. With these exploits, we can get the fingerprint image or bypass some other security features.

Di Shen

Di Shen is a security researcher from Qihoo360 who focuses on Android.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats