Slashdot Mirror

← Back to Stories (view on slashdot.org)

TrustZone Downgrade Attack Opens Android Devices To Old Vulnerabilities (bleepingcomputer.com)

Posted by BeauHD on from the up-to-date dept.

An anonymous reader writes from a report via Bleeping Computer: An attacker can downgrade components of the Android TrustZone technology -- a secure section of smartphone CPUs -- to older versions that feature known vulnerabilities. The attacker can then use previously published exploit code to attack up-to-date Android OS versions. The research team proved their attack in tests on devices running the ARM TrustZone technology, such as Samsung Galaxy S7, Huawei Mate 9, Google Nexus 5, and Google Nexus 6. They replaced updated versions of the Widevine trustlet with an older version that was vulnerable to CVE-2015-6639, a vulnerability in Android's Qualcomm Secure Execution Environment (QSEE) -- Qualcomm's name for its ARM TrustZone version that runs on Qualcomm chips. This vulnerability allows attackers root level access to the TrustZone OS, which indirectly grants the attack control over the entire phone. The research paper is available here, and one of the researcher's authors explains the attack chain in an interview here.

13 of 45 comments (clear)

  1. Re:Downgrade? by tsqr · · Score: 4, Informative

    The point is that you can use the vulnerabilities to root the phone.

    So you think the point is to use the vulnerabilities to root a phone that you had to root in order to install the vulnerability?

    Suggest you read the linked interview: "A successful exploit first needs to have the root privilege of the device (e.g., exploit another vulnerability), and then use this issue combined with other vulnerabilities to exploit the device," said the researcher."

  2. Re:Downgrade? by msauve · · Score: 5, Funny

    "A successful exploit first needs to have the root privilege of the device"

    So, the headline should really be "Researchers surprised that root privilege provides root privilege!"

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  3. Rollback protection. by Greger47 · · Score: 4, Interesting

    I thought commonly used TrustZone firmwares do have revocation/rollback protection but the OEMs doesn't use it when upgrading the OS. E.g. they bundle a new Widevine version in the update but they don't actually revoke old vulnerable ones.

    As explored in depth by Google's Project Zero here:

    https://googleprojectzero.blog...

    Or is this a real bypass that allows installing a revoked trustlet? The article was light on details.

    / greger47

    1. Re:Rollback protection. by viperidaenz · · Score: 2

      It explains that when the same key pairs are used for new versions, the old ones can still be loaded.
      The vendors can change they keys with each version, but since it becomes much harder to manager, they don't.

  4. Fixed? by AmiMoJo · · Score: 3, Interesting

    From TFA:

    "We have already reported this vulnerability to the affected mobile vendors, and they have integrated patches in their latest updates, as well as fixes for newer device versions," Yue told Bleeping via email.

    Who? Which devices?

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Fixed? by DontBeAMoran · · Score: 3, Funny

      Here's a list of vendors not affected by this bug:
      - Apple
      - Microsoft

      --
      #DeleteFacebook
  5. Hurray!! by charlesTheLurker · · Score: 2

    This theoretically opens a way to Root ANY android phone. That could be Great.

    The main dangers to you as a smartphone user are your cellphone network carrier and the manufacturer of your phone. Both both of them have a direct interest in invading your privacy for money or to keep you captive to their machinery.

    Fortunately, Android is built on open source foundations, so Google must publish the source and a build chain. Rooting your phone and installing a 3rd party Android build ( such as LineageOS ) goes a long way toward foiling this kind of carrier or OEM fuckery. It won't keep your carrier from examining your packet stream. but at least he won't be able to surveil you directly or install programs on your phone which you cannot remove. Because of this, many smartphone providers take steps to make rooting their devices difficult or impossible -- but this vulnerability might provide a way around all of them.

    --
    Not a web designer.
    1. Re:Hurray!! by triffid_98 · · Score: 3, Informative

      Sadly it does not...

      "A successful exploit first needs to have the root privilege of the device (e.g., exploit another vulnerability)"

  6. Re:Oh yeah by Gr8Apes · · Score: 2

    And some things are less secure than others, sometimes fundamentally much less secure.

    --
    The cesspool just got a check and balance.
  7. Treacherous by design by jabberw0k · · Score: 2, Funny

    Anyone who uses one of these devices -- designed from the get-go to spy on the user -- is a patsy, a mark, a fool. Free software, and free hardware, exists for a reason. Think about it.

    1. Re:Treacherous by design by DontBeAMoran · · Score: 2

      I went to the local computer store and asked him if he had free hardware.

      The guy kicked me out.

      --
      #DeleteFacebook
  8. From the research article by XSportSeeker · · Score: 2

    Here:

    "To reproduce the procedure, the steps are as follows:
    1. Root the device.
    2. Remount the file system that contains the trustlets (e.g., “mount -o rw,remount /system”).
    3. Replace the current trustlets with the corresponding (vulnerable) ones from an
    older-version image.
    4. Use the device as normal."

  9. Re:Downgrade? by swillden · · Score: 3, Interesting

    Do you really not understand?

    1. Backup phone

    2. Factory reset

    3. Unlock bootloader

    4. Tamper Trustzone

    5. Factory reset

    6. Lock bootloader

    7. Restore

    Does everything need to be spelled out for you? What is the point of Trustzone if it can be tampered with. Maybe you should go and do some reading on Trustzone technology and its purpose.

    Note that this sequence of operations won't work on most phones launched with Marshmallow or later.

    Step 2, factory reset, will clear a critical section of the replay-protected memory block (RPMB). That block stores the rollback protection status of Android Keymaster keys (Keymaster is a TrustZone -- or similar -- app that manages important cryptographic keys). Wiping it will make all such keys permanently unusable, cryptographically, and those keys are used to protect the device encryption keys.

    So, when you get to step 7 and restore, you'll be restoring data that is encrypted with keys that you cannot recover.

    If, however, you can tamper TrustZone in step 4 so that it, say, always generates the same, known, key for disk encryption, then give it to your target and wait for them to put sensitive data on it, then take it back, dump the flash and decrypt, then you can get the user's data. Oh, you'd also need to brute force the user's password, but that's not hard because phone passwords suck, and you could do it off-device.

    Alternatively, if you could rewrite the RPMB data between step 6 and 7, you could "reactivate" the keys, but that would require finding a way to read it before step 2.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.