TrustZone Downgrade Attack Opens Android Devices To Old Vulnerabilities (bleepingcomputer.com) 45
An anonymous reader writes from a report via Bleeping Computer: An attacker can downgrade components of the Android TrustZone technology -- a secure section of smartphone CPUs -- to older versions that feature known vulnerabilities. The attacker can then use previously published exploit code to attack up-to-date Android OS versions. The research team proved their attack in tests on devices running the ARM TrustZone technology, such as Samsung Galaxy S7, Huawei Mate 9, Google Nexus 5, and Google Nexus 6. They replaced updated versions of the Widevine trustlet with an older version that was vulnerable to CVE-2015-6639, a vulnerability in Android's Qualcomm Secure Execution Environment (QSEE) -- Qualcomm's name for its ARM TrustZone version that runs on Qualcomm chips. This vulnerability allows attackers root level access to the TrustZone OS, which indirectly grants the attack control over the entire phone. The research paper is available here, and one of the researcher's authors explains the attack chain in an interview here.
Re: (Score:2)
Re: (Score:2)
Android is so much more secure than iPhone!
NOT! /Borat
I realise the above post is flamebait, but I wish these posts would stop using the word Android.
The vulnerability in this case has nothing to do with Android.
It's an exploit targeting ARM hardware/firmware - nothing to do with Android.
When you exploit the hardware of a platform, it doesn't matter what OS the platform is running - it is no longer secure.
The same would be true of iOS or any other OS running on this Qualcom chipset.
It's just a happenstance that most open devices run Android.
if iOS was allowed to be run on third party hardware, many of these same exploits would apply.
Apple run Apple's ARM SoCs. Yet this vulnerability doesn't exist. That's because Apple knows how to develop an ARM SoC, and Qualcomm evidently, er, doesn't.
And ALL devices that run Qualcomm's ARM SoCs run Android.
Re: (Score:2)
And ALL devices that run Qualcomm's ARM SoCs run Android.
Which routers run Android? I was gonna ask which TVs, but there are actually some that do...
Re: (Score:2)
And ALL devices that run Qualcomm's ARM SoCs run Android.
Which routers run Android? I was gonna ask which TVs, but there are actually some that do...
Ok, most Routers run Embedded Linux, I assume.
Didn't give that enough thought, obviously! ;-)
Re: (Score:2)
Re: (Score:2)
I really need to start looking at who I'm replying to before submitting comments. That's twice this week I've replied to you without realizing it! ;)
LOL!
No worries! I do the same thing almost ALL the time... ;-) ...or does that mean that you would IGNORE my idiocy if you saw it was me? ;-P
Re: (Score:2)
Re:Downgrade? (Score:5, Informative)
The point is that you can use the vulnerabilities to root the phone.
So you think the point is to use the vulnerabilities to root a phone that you had to root in order to install the vulnerability?
Suggest you read the linked interview: "A successful exploit first needs to have the root privilege of the device (e.g., exploit another vulnerability), and then use this issue combined with other vulnerabilities to exploit the device," said the researcher."
Re:Downgrade? (Score:5, Funny)
So, the headline should really be "Researchers surprised that root privilege provides root privilege!"
Re: (Score:1)
Except downgrading the Trustzone will survive a reinstall of the ROM / Factory Reset.
So you could have root on an older version of Android, downgrade the trustzone firmware, upgrade Android to a more secure version, then use the older trustzone firmware to bypass the newer Android version's security. Android can't do shit about it because the firmware runs before it does and as such can thwart any detection, or mitigation attempts Android might make.
Where this could be real bad is in used phone sales. The a
Re:Downgrade? (Score:4, Interesting)
Do you really not understand?
1. Backup phone
2. Factory reset
3. Unlock bootloader
4. Tamper Trustzone
5. Factory reset
6. Lock bootloader
7. Restore
Does everything need to be spelled out for you? What is the point of Trustzone if it can be tampered with. Maybe you should go and do some reading on Trustzone technology and its purpose.
Note that this sequence of operations won't work on most phones launched with Marshmallow or later.
Step 2, factory reset, will clear a critical section of the replay-protected memory block (RPMB). That block stores the rollback protection status of Android Keymaster keys (Keymaster is a TrustZone -- or similar -- app that manages important cryptographic keys). Wiping it will make all such keys permanently unusable, cryptographically, and those keys are used to protect the device encryption keys.
So, when you get to step 7 and restore, you'll be restoring data that is encrypted with keys that you cannot recover.
If, however, you can tamper TrustZone in step 4 so that it, say, always generates the same, known, key for disk encryption, then give it to your target and wait for them to put sensitive data on it, then take it back, dump the flash and decrypt, then you can get the user's data. Oh, you'd also need to brute force the user's password, but that's not hard because phone passwords suck, and you could do it off-device.
Alternatively, if you could rewrite the RPMB data between step 6 and 7, you could "reactivate" the keys, but that would require finding a way to read it before step 2.
Re: (Score:2)
In step 4 by "Tamper Trustzone" you mean "Load an old version of Trustzone, because there isn't a vulnerability in the verification, only that you can replace a new verified binary with an old verified binary"
Same goes for the trustlet's this article is about, except a device update will overwrite the old trustlets.
Re: (Score:2)
Rollback protection. (Score:5, Interesting)
I thought commonly used TrustZone firmwares do have revocation/rollback protection but the OEMs doesn't use it when upgrading the OS. E.g. they bundle a new Widevine version in the update but they don't actually revoke old vulnerable ones.
As explored in depth by Google's Project Zero here:
https://googleprojectzero.blog... [blogspot.se]
Or is this a real bypass that allows installing a revoked trustlet? The article was light on details.
/ greger47
Re: (Score:3)
It explains that when the same key pairs are used for new versions, the old ones can still be loaded.
The vendors can change they keys with each version, but since it becomes much harder to manager, they don't.
Fixed? (Score:4, Interesting)
From TFA:
"We have already reported this vulnerability to the affected mobile vendors, and they have integrated patches in their latest updates, as well as fixes for newer device versions," Yue told Bleeping via email.
Who? Which devices?
Re:Fixed? (Score:4, Funny)
Here's a list of vendors not affected by this bug:
- Apple
- Microsoft
Hurray!! (Score:2)
This theoretically opens a way to Root ANY android phone. That could be Great.
The main dangers to you as a smartphone user are your cellphone network carrier and the manufacturer of your phone. Both both of them have a direct interest in invading your privacy for money or to keep you captive to their machinery.
Fortunately, Android is built on open source foundations, so Google must publish the source and a build chain. Rooting your phone and installing a 3rd party Android build ( such as LineageOS ) goes
Re:Hurray!! (Score:4, Informative)
"A successful exploit first needs to have the root privilege of the device (e.g., exploit another vulnerability)"
Re: (Score:2)
Fortunately, Android is built on open source foundations, so Google must publish the source and a build chain.
No, it isn't.
AOSP is open and free. Android is closed and not free.
Further, Android being 100% secure won't fix this. This is an issue similar to Intel's fuck up with AMT. AMD uses ARM TrustZone bits in their processors as well. AMD calls it the PSP.
As an end user, the only thing you should trust is the fact that your device is vulnerable and the powers that be know about it (and likely put the vulnerabilities there in the first place). Because fuck you.
Treacherous by design (Score:3, Funny)
Re: (Score:3)
I went to the local computer store and asked him if he had free hardware.
The guy kicked me out.
Re: (Score:2)
You can't load arbitrary TrustZone OS firmware, only old versions of it.
Replacing the trustlet is not zero footprint, it's a file on the filesystem that the OS loads when it boots. You need to root the device to overwrite the file. Re-flashing the OS will undo your exploit. There's nothing stopping anyone from writing an "Exploit detection app" like the Stagefright detection apps, as all they'll need to do is read the version of the trustlets.
There's also not much stopping a vendor from updating the TrustZo
From the research article (Score:3)
Here:
"To reproduce the procedure, the steps are as follows: /system”).
1. Root the device.
2. Remount the file system that contains the trustlets (e.g., “mount -o rw,remount
3. Replace the current trustlets with the corresponding (vulnerable) ones from an
older-version image.
4. Use the device as normal."