Slashdot Mirror


TrustZone Downgrade Attack Opens Android Devices To Old Vulnerabilities (bleepingcomputer.com)

An anonymous reader writes from a report via Bleeping Computer: An attacker can downgrade components of the Android TrustZone technology -- a secure section of smartphone CPUs -- to older versions that feature known vulnerabilities. The attacker can then use previously published exploit code to attack up-to-date Android OS versions. The research team proved their attack in tests on devices running the ARM TrustZone technology, such as Samsung Galaxy S7, Huawei Mate 9, Google Nexus 5, and Google Nexus 6. They replaced updated versions of the Widevine trustlet with an older version that was vulnerable to CVE-2015-6639, a vulnerability in Android's Qualcomm Secure Execution Environment (QSEE) -- Qualcomm's name for its ARM TrustZone version that runs on Qualcomm chips. This vulnerability allows attackers root-level access to the TrustZone OS, which indirectly grants the attacker control over the entire phone. The research paper is available here, and one of the research's authors explains the attack chain in an interview here.

2 of 45 comments

  1. Re:Downgrade? by tsqr · Score: 4, Informative

    The point is that you can use the vulnerabilities to root the phone.

    So you think the point is to use the vulnerabilities to root a phone that you had to root in order to install the vulnerability?

    Suggest you read the linked interview: "A successful exploit first needs to have the root privilege of the device (e.g., exploit another vulnerability), and then use this issue combined with other vulnerabilities to exploit the device," said the researcher.

  2. Re:Hurray!! by triffid_98 · Score: 3, Informative

    Sadly it does not...

    "A successful exploit first needs to have the root privilege of the device (e.g., exploit another vulnerability)"