Trust Issues: Exploiting TrustZone TEEs (Project Zero)

Here is a lengthy and detailed look from Google's Project Zero at the trusted execution environments that, one hopes, protect devices from compromise. "In this blog post we’ll explore the security properties of the two major TEEs present on Android devices. We’ll see how, despite their highly sensitive vantage point, these operating systems currently lag behind modern operating systems in terms of security mitigations and practices. Additionally, we’ll discover and exploit a major design issue which affects the security of most devices utilising both platforms. Lastly, we’ll see why the integrity of TEEs is crucial to the overall security of the device, making a case for the need to increase their defences."

Comments (8 posted)