[ASRG-WORLD] Voiding Trust: Real-world TEE Attacks

Join us for our upcoming ASRG-WORLD LiveStream, the global online (COVID19 Approved) version of ASRG. This time we have the pleasure of hosting Cristofaro Mune and Niek Timmers (Founder of Raelize B.V.). They will present to us which TEE attacks are possible on real devices, which design and implementation pitfalls exist on TEEs integrated in SoCs and what should be done to mitigate such kind of vulnerabilities.

PRESENTATION:
"Voiding Trust: Real-world TEE Attacks"

Modern embedded devices, including automotive ECUs, are nowadays commonly equipped with a Trusted Execution Environment (TEE). This functionality allows OEMs to implement use cases that require additional security (e.g. authentication, DRM, payment, etc.) directly in the car. The adoption of OP-TEE operating system by Apertis and AGL shows the relevance of TEE technology within the automotive industry.

A secure TEE should facilitate the separation between a non-trusted world and a trusted world inside a single system on a chip (SoC). Moreover, it should also assure the use cases inside the trusted world can co-exist by facilitating the separation between the use cases themselves. This complexity often results in a significant attack surface, where a single vulnerability may compromise the TEE entirely.

In our talk we demonstrate various TEE attacks that were performed on real-world devices. For each attack, we assess the impact and discuss what can be done to mitigate the vulnerability. To conclude, we touch upon design and implementation pitfalls, which are not commonly discussed in public.

ABOUT THE PRESENTER:

Cristofaro Mune : Cristofaro has been in the security field for 15+ years. He has 10 years of experience with evaluating software and hardware security of secure devices, as well as more than 5 years of experience in testing and assessing the security of Trusted Execution Environments (TEEs).

Follow Cristofaro on Twitter: @pulsoid.

Contact him at cristofaro@raelize.com

Niek Timmers : Niek has been analyzing and testing the security of software and hardware of secure devices for over a decade. His interest is typically sparked by technologies where the hardware of the device is fundamentally part of the equation.

Follow Niek on Twitter: @tieknimmers.

Contact him at niek@raelize.com