2024-08-15 スイス連邦工科大学ローザンヌ校(EPFL)
EPFL researchers have found numerous security flaws in Android’s most privileged components © iStock
<関連情報>
- https://actu.epfl.ch/news/finding-security-flaws-in-android-ahead-of-malicio/
- https://www.usenix.org/conference/usenixsecurity24/presentation/busch-tea
- https://www.usenix.org/conference/usenixsecurity24/presentation/lindenmeier
- https://www.usenix.org/conference/usenixsecurity24/presentation/busch-globalconfusion
Spill the TeA:Androidスマートフォンにおける信頼されたアプリケーションのロールバック防止に関する実証研究 Spill the TeA: An Empirical Study of Trusted Application Rollback Prevention on Android Smartphones
Marcel Busch, Philipp Mao, and Mathias Payer, EPFL
Usenix Security Symposium
Abstract
The number and complexity of Trusted Applications (TAs, applications running in Trusted Execution Environments—TEEs) deployed on mobile devices has exploded. A vulnerability in a single TA impacts the security of the entire device. Thus, vendors must rapidly fix such vulnerabilities and revoke vulnerable versions to prevent rollback attacks, i.e., loading an old version of the TA to exploit a known vulnerability.
In this paper, we assess the state of TA rollback prevention by conducting a large-scale cross-vendor study. First, we establish the largest TA dataset in existence, encompassing 35,541 TAs obtained from 1,330 firmware images deployed on mobile devices across the top five most common vendors. Second, we identify 37 TA vulnerabilities that we leverage to assess the state of industry-wide TA rollback effectiveness. Third, we make the counterintuitive discovery that the uncoordinated usage of rollback prevention correlates with the leakage of security-critical information and has far-reaching consequences potentially negatively impacting the whole mobile ecosystem. Fourth, we demonstrate the severity of ineffective TA rollback prevention by exploiting two different TEEs on fully-updated mobile devices. In summary, our results indicate severe deficiencies in TA rollback prevention across the mobile ecosystem.
EL3XIR:COTSセキュアモニタのファジング EL3XIR: Fuzzing COTS Secure Monitors
Christian Lindenmeier, FAU Erlangen-Nürnberg; Mathias Payer and Marcel Busch, EPFL
Usenix Security Symposium
Abstract
ARM TrustZone forms the security backbone of mobile devices. TrustZone-based Trusted Execution Environments (TEEs) facilitate security-sensitive tasks like user authentication, disk encryption, and digital rights management (DRM). As such, bugs in the TEE software stack may compromise the entire system’s integrity.
EL3XIR introduces a framework to effectively rehost and fuzz the secure monitor firmware layer of proprietary TrustZone-based TEEs. While other approaches have focused on naively rehosting or fuzzing Trusted Applications (EL0) or the TEE OS (EL1), EL3XIR targets the highly-privileged but unexplored secure monitor (EL3) and its unique challenges. Secure monitors expose complex functionality dependent on multiple peripherals through diverse secure monitor calls.
In our evaluation, we demonstrate that state-of-the-art fuzzing approaches are insufficient to effectively fuzz COTS secure monitors. While naive fuzzing appears to achieve reasonable coverage it fails to overcome coverage walls due to missing peripheral emulation and is limited in the capability to trigger bugs due to the large input space and low quality of inputs. We followed responsible disclosure procedures and reported a total of 34 bugs, out of which 17 were classified as security critical. Affected vendors confirmed 14 of these bugs, and as a result, EL3XIR was assigned six CVEs.
GlobalConfusion: TrustZone の信頼できるアプリケーションの 0-Days 設計 GlobalConfusion: TrustZone Trusted Application 0-Days by Design
Marcel Busch, Philipp Mao, and Mathias Payer, EPFL
Usenix Security Symposium
Abstract
Trusted Execution Environments form the backbone of mobile device security architectures. The GlobalPlatform Internal Core API is the de-facto standard that unites the fragmented landscape of real-world implementations, providing compatibility between different TEEs.
Unfortunately, our research reveals that this API standard is prone to a design weakness. Manifestations of this weakness result in critical type-confusion bugs in real-world user-space applications of the TEE, called Trusted Applications (TAs). At its core, the design weakness consists of a fail-open design leaving an optional type check for untrusted data to TA developers. The API does not mandate this easily forgettable check that in most cases results in arbitrary read-and-write exploitation primitives. To detect instances of these type-confusion bugs, we design and implement GPCheck, a static binary analysis system capable of vetting real-world TAs. We employ GPCheck to analyze 14,777 TAs deployed on widely used TEEs to investigate the prevalence of the issue. We reconfirm known bugs that fit this pattern and discover unknown instances of the issue in the wild. In total, we confirmed 9 known bugs, found 10 instances of silently-fixed bugs, and discovered a surprising amount of 14 critical 0-day vulnerabilities using our GPCheck prototype. Our findings affect mobile devices currently in use by billions of users. We responsibly disclosed these findings, already received 12,000 USD as bug bounty, and were assigned four CVEs. Ten of our 14 critical 0-day vulnerabilities are still in the responsible disclosure process. Finally, we propose an extension to the GP Internal Core API specification to enforce a fail-safe mechanism that removes the underlying design weakness. We implement and successfully demonstrate our mitigation on OPTEE, an open-source TEE implementation. We shared our findings with GlobalPlatform and suggested our mitigation as an extension to their specification to secure future TEE implementations.
