Voiding Trust: Real-world TEE Attacks

  • Join the LiveStream
  • When: Feb. 18, 2021 | 6 p.m. Central European Time(UTC+01)

    Where: LiveStream

    Who: Cristofaro Mune Founder and Security Researcher at Raelize

    Voiding Trust: Real-world TEE Attacks

    Modern embedded devices, including automotive ECUs, are nowadays commonly equipped with a Trusted Execution Environment (TEE). This functionality allows OEMs to implement use cases that require additional security (e.g. authentication, DRM, payment, etc.) directly in the car. The adoption of OP-TEE operating system by Apertis and AGL shows the relevance of TEE technology within the automotive industry. A secure TEE should facilitate the separation between a non-trusted world and a trusted world inside a single system on a chip (SoC). Moreover, it should also assure the use cases inside the trusted world can co-exist by facilitating the separation between the use cases themselves. This complexity often results in a significant attack surface, where a single vulnerability may compromise the TEE entirely. In our talk we demonstrate various TEE attacks that were performed on real-world devices. For each attack, we assess the impact and discuss what can be done to mitigate the vulnerability. To conclude, we touch upon design and implementation pitfalls, which are not commonly discussed in public.

    About the Presenter:

    Cristofaro has been in the security field for 15+ years. He has 10 years of experience with evaluating software and hardware security of secure devices, as well as more than 5 years of experience in testing and assessing the security of Trusted Execution Environments (TEEs). Follow Cristofaro on Twitter: @pulsoid. Contact him at [email protected]

    Visit Speaker Profile