WORLD
LiveStream
Voiding Trust: Real-world TEE Attacks
When: Feb. 18, 2021 | 6 p.m. Central European Time(UTC+01)
Where: LiveStream
Who: Cristofaro Mune Founder and Security Researcher at Raelize
Voiding Trust: Real-world TEE Attacks
Modern embedded devices, including automotive ECUs, are nowadays commonly equipped with a Trusted Execution Environment (TEE). This functionality allows OEMs to implement use cases that require additional security (e.g. authentication, DRM, payment, etc.) directly in the car. The adoption of OP-TEE operating system by Apertis and AGL shows the relevance of TEE technology within the automotive industry. A secure TEE should facilitate the separation between a non-trusted world and a trusted world inside a single system on a chip (SoC). Moreover, it should also assure the use cases inside the trusted world can co-exist by facilitating the separation between the use cases themselves. This complexity often results in a significant attack surface, where a single vulnerability may compromise the TEE entirely. In our talk we demonstrate various TEE attacks that were performed on real-world devices. For each attack, we assess the impact and discuss what can be done to mitigate the vulnerability. To conclude, we touch upon design and implementation pitfalls, which are not commonly discussed in public.About the Presenter:


Visit Speaker Profile