On the Nose - Bypassing Huawei's Fingerprint Authentication by Exploiting the TrustZone
Offered By: YouTube
Course Description
Overview
Explore how Huawei's fingerprint authentication can be bypassed by exploiting the TrustZone in this 45-minute conference talk from DerbyCon 2018. The talk lays out the modern mobile security architecture and the full exploit chain, with a disclaimer that the chipset determines which TEE a device runs, before focusing on Huawei's TrustZone system architecture. It follows the path from userland to kernel, covering a bug in a custom unmap implementation and its exploitation by redirecting the fops table. It then moves from kernel to trustlet: entering the Secure World, passing arguments to a trustlet, and hijacking TEE_Malloc. In the Trusted Core environment it shows how to find usable primitives, and finally how to disable fingerprint authentication by following the userland daemon to the trustlet responsible for recognizing fingerprints, then finding and patching the relevant code.
Syllabus
Intro
The Goal
The modern mobile security architecture
The exploit chain
Disclaimer - Chipset determines the TEE
Huawei's TrustZone system architecture
Userland to Kernel
Bug #2- A custom unmap implementation?
Exploitation - Redirecting the fops table
Kernel to Trustlet
Intro to the Secure World - Passing args to a Trustlet
Exploitation - Hijacking TEE_Malloc
Trusted Core Environment
Trusted Core - Finding Primitives
Disable Fingerprint Auth
Find trustlet responsible for recognizing fingerprints
Follow the userland daemon
Finding and patching