YoVDO

Next Generation Mobile Rootkits

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Memory Management Courses, Mobile Security Courses, TrustZone Courses, ARM Processors Courses, Trusted Execution Environment Courses

Course Description

Overview

Explore the world of next-generation mobile rootkits in this Black Hat EU 2013 conference talk. Delve into the use of hardware security features in last-generation ARM processors to create and conceal rootkits that are virtually undetectable by operating systems. Learn about TrustZone technology, Trusted Execution Environments, and their applications in mobile security. Discover the attacker model, memory management in TrustZone, and the boot process for these advanced rootkits. Gain insights into hardware support, testing environments, and rootkit scheduling techniques. Examine IRQ interception, Secure World setup, and communication methods. Understand the challenges of interoperability and detection methods for these sophisticated mobile threats. Benefit from the speaker's practical experience in developing and hiding an actual rootkit using these cutting-edge techniques.

Syllabus

Intro
Mobile rootkits
What is TrustZone?
About TrustZone
Trusted Execution Environments
Example: Netflix
Attacker Model
How does it work?
Memory in TrustZone
Boot process
By the way
Hardware support
Where to test?
Scheduling the rootkit
IRQ interception
Secure World Memory Setup
Secure World Initialization
Monitor setup
Lockdown: SCR
Start operating system
Communication
Interoperability
Detection methods
Thank you for staying!


Taught by

Black Hat

Related Courses

Information Security - 5 - Secure Systems Engineering
Indian Institute of Technology Madras via Swayam
Mobile Malware - Why the Traditional AV Paradigm Is Doomed
Black Hat via YouTube
CaSE: Cache-Assisted Secure Execution on ARM Processors
IEEE via YouTube
Develop TrustZone Enabled Applications on STM32L5 ARM MCUs with STM32CubeIDE - Webinar Replay
STMicroelectronics via YouTube
Elevating the TrustZone to Achieve a Powerful Android Kernel Exploit
nullcon via YouTube