
Published on September 17th, 2015 | 7350 Views


An infestation of dragons: Exploring vulnerabilities in … (by Josh Thomas and Charles Holmes)




Talk on "An infestation of dragons: Exploring vulnerabilities in the ARM TrustZone architecture" by Josh Thomas and Charles Holmes at the Android Security Symposium in Vienna, Austria, 9-11 September 2015
https://usmile.at/symposium/program/2015/thomas-holmes

*** Abstract ***
ARM TrustZone is being heavily marketed as a be-all solution for mobile security. Through extensive marketing promising BYOD, secure PIN entry, and protection against APT (http://www.arm.com/products/processors/technologies/trustzone/index.php) and the prevalence of ARM devices on mobile platforms, millions of devices now contain an implementation of TrustZone. However, the current drivers for TrustZone adoption primarily relate to vendor lock and Digital Rights Management (DRM), rather than increasing the difficulty in compromising user data. Further, due to TZ architecture, the inclusion of DRM protections provides a net reduction in real-world security provided to the device owner.
In this talk, we provide an overview of the ARM TrustZone architecture as utilized by modern Android, Blackberry, and Windows phones. We discuss its potential, its current use cases, its shortcomings, and its impact on the security of modern phones. At this point, we dive into the details of the Qualcomm implementation, which is utilized on the flagship mobile devices from each major vendor, excluding Apple. Specifically, we cover vulnerabilities in codebases from Qualcomm, OEM Vendors, and 3rd Parties, as well as attack surface, exploitation pathways, difficulties, and successes.

*** Android Security Symposium ***
The Android Security Symposium was funded by the Christian Doppler Forschungsgesellschaft (CDG) from funds of the Federal Ministry of Science, Research and Economy (BMWFW) and the Nationalstiftung für Forschung, Technologie und Entwicklung. The symposium was organized by the Josef Ressel Center u'smile at the University of Applied Sciences Upper Austria in Hagenberg in cooperation with SBA Research and the Institute of Networks and Security (INS) at Johannes Kepler University Linz.





This video is provided by the Josef Ressel Center for User-friendly Secure Mobile Environments (u'smile), a research group at the University of Applied Sciences Upper Austria.

Copyright (c) FH OÖ Forschungs & Entwicklungs GmbH • All rights reserved. • https://usmile.at/impressum

2015-09-17 08:44:58
