YoVDO

Breaking Samsung's ARM TrustZone

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, ARM Architecture Courses, Symbolic Execution Courses

Course Description

Overview

Explore an in-depth presentation on exploiting Samsung's ARM TrustZone implementation, focusing on leveraging new attack surfaces to hijack and exploit trusted components. Delve into the internals and interactions of Samsung-developed components, and examine various vulnerabilities that can be exploited to execute code at EL3, the highest privilege level on ARM-based systems. Learn about embedded security, runtime confirmation, execution environments, and privilege separation in ARM architectures. Discover Samsung's specific implementation, previous research, and the attack surface. Gain insights into tools like Liberator, Emulator, Eiffel, and Unicorn for vulnerability analysis. Understand the attack plan, including exploiting lack of error vulnerabilities, finding and retrieving the master key, bypassing signature checks, and instrumenting TrustZone. Conclude with techniques for debugging TrustZone components.

Syllabus

Introduction
Agenda
Embedded Security
Runtime Confirmation
Execution Environments
NS Bits
Privilege Separation
L1 L2 L3
Different software implementations
What is chosen actually useful
Samsung's implementation
Previous research
Architecture
Lifecycle
Attack Surface
Liberator
Emulator
Eiffel Unicorn
Symbolic Execution
Vulnerability Overview
Attack Plan
Lack of Error
Vulnerability
Cisco
Map
Framework
Finding the Master Key
Retrieving the Master Key
Bypassing Signature Checks
Instrumentation of TrustZone
Debugging TrustZone


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube