TEE Exploitation

Exploiting Trusted Apps on Samsung’s TEE

Abstract

Samsung uses a TrustZone-based Trusted Execution Environment(TEE) in their handsets for a variety of sensitive tasks including payments (Samsung Pay), key storage (Android KeyStore) and system integrity verification (TIMA).

On their exynos chipsets, the TEE functionality is implemented using the Kinibi OS from Trustonic combined with Samsung's own Trusted Applications (TA) and Trusted Drivers (TD). Both TAs and TDs run as userspace components on Kinibi, with TDs having the capability of owning the complete system.

We reported 4 different vulnerabilities in these components to Samsung, each of a different class. In this talk we provide an in-depth description of the exploits we developed for these issues.

We first provide a small introduction to what TEEs are and how TrustZone is used to support a TEE. We follow up with introducing the Kinibi OS and explaining how to start reversing and bug hunting on Kinibi TAs and TDs.

Next, we focus on three types of vulnerabilities through the following examples:

  • SVE-2018-12852: a classic stack-based buffer overflow. For this case, we describe how to create a ROP chain that allows performing arbitrary calls to further explore the system.
  • SVE-2018-12855: a double-fetch issue inherent to the shared memory interface used by most TEEs.
  • SVE-2018-12853: an invalid free issue, for which we introduce the internals of the heap allocator used by Kinibi and analyze possible avenues for exploitation of heap corruption vulnerabilities.

Finally, we look into post-exploitation opportunities after compromising a Trusted Application. For this we present the API between TAs and TDs and zoom into how we exploited SVE-2018-12881 to compromise the Linux kernel and the RKP hypervisor.

Download

The slides we presented at zer0con and Infiltrate 2019 can be found below: