> http://bits-please.blogspot.fr/2016/06/extracting-qualcomms-keymaster-keys.html
> https://github.com/laginimaineb/ExtractKeyMaster
> https://github.com/laginimaineb/android_fde_bruteforce
> https://github.com/laginimaineb?tab=repositories
>
> In this blog post, I'll demonstrate how TrustZone kernel
> code-execution can be used to effectively break Android's Full Disk
> Encryption (FDE) scheme....

The underlying blog posts on github are well worth reading for an understanding
of what hacking is these days. (FYI, it's not *all* that different from
hacking back in the early 1970's - the basic approach, the style of thinking,
the general things you look for and abuse, even some of the basic problems you
need to solve, were the same back then - but the scale and intensity necessary
to break through these days is so much higher. Then again, the tools are
better, too. If you still think not releasing source code is protecting you,
well, I can get you a good deal on a bridge in NYC.)

While the headlines are about Android FDE, what the attacker here has done is
show how to take over the entire TrustZone used in standard ARM chips. This is
a mechanism somewhat like the TPM in x86 chips: An isolated environment that
can hold secrets and perform various operations in a way that even the
operating system can neither interfere with nor even observe. Unlike Apple's
"Secure Enclave" - which has limited capabilities implemented entirely in
hardware - TrustZone is a protected mode of operation in which arbitrary
software can be run - and what's running in it is the equivalent of a small OS.
That OS is then used to load some fairly substantial bits of software -
including some stuff to implement DRM, which in fact happened to provide the
entry point used in these attacks - though there's nothing specific to DRM that
opens the way to the attack.

Lessons? Generality and power lead to complexity, which is the enemy of
security. Even fairly simple and apparently limited systems have been hacked
by turning their own mechanisms against them (see the classic attacks against
IBM HSM's). But the more you add, the easier this becomes. In particular,
making a mechanism to implement secure key management general enough to
implement DRM is a mistake. KISS - Keep It Simple, Stupid - needs to be the
guiding principle.
-- Jerry