QSEE TrustZone Kernel Integer Overflow Vulnerability

Similar documents
An Infestation of Dragons

An Infestation of Dragons

Tailoring TrustZone as SMM Equivalent

Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices

ARM Security Solutions and Numonyx Authenticated Flash

TRUSTSHADOW: SECURE EXECUTION OF UNMODIFIED APPLICATIONS WITH ARM TRUSTZONE Florian Olschewski

OP-TEE Using TrustZone to Protect Our Own Secrets

CSE 509: Computer Security

Advanced Systems Security: Ordinary Operating Systems

Designing Security & Trust into Connected Devices

QPSI. Qualcomm Technologies Countermeasures Update

Operating System Security

kguard++: Improving the Performance of kguard with Low-latency Code Inflation

Replicant Keynote. Paul Kocialkowski Saturday June 4 th 2016

Secure Software Development: Theory and Practice

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices

Lecture 4 September Required reading materials for this class

WINDOWS 10 RS2/RS3 GDI DATA-ONLY EXPLOITATION TALES

Laying a Secure Foundation for Mobile Devices. Stephen Smalley Trusted Systems Research National Security Agency

QUADROOTER NEW VULNERABILITIES AFFECTING OVER 900 MILLION ANDROID DEVICES. by the Check Point Research Team

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

Syscall Proxying. Simulating Remote Execution. Maximiliano Cáceres.

Embedded System Security Mobile Hardware Platform Security

Embedded System Security Mobile Hardware Platform Security

MWR InfoSecurity Security Advisory. IBM Lotus Domino Accept- Language Stack Overflow. 20 th May Contents

MWR InfoSecurity Security Advisory. Linux USB Device Driver - Buffer Overflow. 29 th October Contents

Modern Buffer Overflow Prevention Techniques: How they work and why they don t

Back To The Future: A Radical Insecure Design of KVM on ARM

Security and Performance Benefits of Virtualization

CS 161 Computer Security

Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR

Latest Certified Device List Phone Channel

Bypassing Browser Memory Protections

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems

Buffer overflow background

Runtime Integrity Checking for Exploit Mitigation on Embedded Devices

12 th January MWR InfoSecurity Security Advisory. WebSphere MQ xcsgetmem Heap Overflow Vulnerability. Contents

Securing the System with TrustZone Ready Program Securing your Digital World. Secure Services Division

Xenbedded: Xen-based client virtualization for phones and tablets

Pangu 9 Internals. Tielei Wang and Hao Xu

GlobalPlatform Trusted Execution Environment (TEE) for Mobile

Lecture Embedded System Security A. R. Darmstadt, Runtime Attacks

How to Sandbox IIS Automatically without 0 False Positive and Negative

Software Vulnerabilities August 31, 2011 / CS261 Computer Security

Trusted Computing and O/S Security

SIERRAWARE SIERRATEE FOR MIPS OMNISHIELD

Linux Kernel Futex Fun: Exploiting CVE Dougall Johnson

Supported Operating Systems, Browsers, Networks, and Stores Phone Channel Supported Operating Systems

SMARTPHONE HARDWARE: ANATOMY OF A HANDSET. Mainak Chaudhuri Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver

Trustzone Security IP for IoT

Presentation's title

ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO

Module: Return-oriented Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Android Security. Android Security: Same-ol, Same-ol (but worse) Jonathan Levin

Verizon Samsung Galaxy S3 Manual Update To Jelly Bean 4.2 1

BUD Status of Android AOSP TV Project. Khasim Syed Mohammed, Tech Lead Linaro Home Group

OP-TEE Using TrustZone to Protect Our Own Secrets

HKG Android Verified Boot 2.0 and U-boot. Igor Opaniuk, Texas Instruments

The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel. Di Shen a.k.a. Retme Keen Lab of Tencent

ARMageddon: Cache Attacks on Mobile Devices

Unleashing D* on Android Kernel Drivers. Aravind Machiry

SA30228 / CVE

DR. CHECKER. A Soundy Analysis for Linux Kernel Drivers. University of California, Santa Barbara. USENIX Security seclab

Practical and Efficient Exploit Mitigation for Embedded Devices

OS Security IV: Virtualization and Trusted Computing

Latest Certified Device List Mobile Phones

IRL: Live Hacking Demos!

KeenLab ios Jailbreak Internals:

Attack TrustZone with Rowhammer. Pierre Carru - eshard 2017/04

Software Security: Buffer Overflow Defenses

InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android

Security Architecture

CacheLight: Defeating the CacheKit Attack

Analysis of MS Multiple Excel Vulnerabilities

Bypassing AddressSanitizer

Exploits and gdb. Tutorial 5

Documentation for exploit entitled nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit

Secure Programming Lecture 3: Memory Corruption I (Stack Overflows)

An Attack Surface Driven Approach to Evaluation

Secure Coding Techniques

Beyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS)

How Double-Fetch Situations turn into Double-Fetch Vulnerabilities:

KCon. Breaking ios Mitigation Jails to Achieve Your Own Private Jailbreak. Min(Spark) Alibaba Mobile Security

Android security maximized by Samsung KNOX. Safeguard enterprise mobility with tightly integrated security, compliance, and control features

Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI)

ARM TrustZone is widely adopted as a means of providing

Bringing Android to Secure SDRs

Return-orientated Programming

CMPSC 497 Buffer Overflow Vulnerabilities

ISA564 SECURITY LAB. Code Injection Attacks

CS 161 Computer Security

z/os Operating System Vulnerabilities ( )

Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework

Dynamic secure firmware configuration. Dan Handley (Arm)

Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras

Module: Return-oriented Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Mobile Banking Supported Operating Systems, Browsers, and Networks Phone Channel

Mobile Derived Credentials Purebred Information Brief

Transcription:

QSEE TrustZone Kernel Integer Overflow Vulnerability Dan Rosenberg dr@azimuthsecurity.com July 1, 2014 1 Introduction This paper discusses the nature of a vulnerability within the Qualcomm QSEE TrustZone implementation as present on a wide variety of Android devices. The actual exploitation mechanisms employed in the proof-of-concept exploit are not covered in this document. 2 Software Description ARM TrustZone technology is a system-wide approach to security for a wide array of client and server computing platforms, including handsets, tablets, wearable devices and enterprise systems. Applications enabled by the technology are extremely varied but include payment protection technology, digital rights management, BYOD, and a host of secured enterprise solutions. [2] 3 Background TrustZone segments both hardware and software into secure and non-secure domains, referred to as worlds. The non-secure world includes the traditional operating system kernel and its corresponding userland applications, while the secure world often includes a trusted operating system referred to as a Trusted Execution Environment (TEE). Software running in the secure world has privileged access to all hardware and the non-secure world, but the non-secure world is restricted from accessing device peripherals and memory regions designated by TrustZone as protected. The non-secure world may issue requests to the secure world via a number of mechanisms, including the privileged Secure Monitor Call (SMC) ARM instruction. Further documentation on TrustZone may be found on ARM s website [1]. 1

4 Affected Devices The vulnerability described in this document affects Qualcomm s implementation of the Trusted Execution Environment ( QSEE ) as present on a wide variety of Android mobile devices. At the time of this writing, the vulnerability is present on all known Android devices that support TrustZone and utilize a Qualcomm Snapdragon SoC, with the exception of the Samsung Galaxy S5 and HTC One M8, which have been patched. It is expected that by the time the details of this document have been made public, a more extensive list of devices will have been patched by their respective vendors. This vulnerability is known to affect a wide range of flagship devices, including the LG Nexus 4, LG Nexus 5, LG G2, HTC One series, Moto X, Samsung Galaxy S4, and Samsung Galaxy Note 3. 5 Vulnerability Overview Due to a flaw in bounds-checking Secure Monitor Call (SMC) requests, an attacker with kernel-level privileges (SVC mode) may issue specially crafted SMC requests to cause QSEE to write controlled data to arbitrary secure memory. This may be exploited to execute arbitrary code in the context of QSEE. 6 Vulnerability Description Privileged non-secure code (i.e. the Linux kernel) may request services of QSEE by issuing a Secure Monitor Call (SMC) instruction. QSEE supports two calling conventions when using the SMC instruction: a call-by-registers convention, and a second convention that uses a command structure to provide arguments, as depicted in Figure 1. Included in the command structure is a request header which is populated by the non-secure world, and a response header which is populated by QSEE on completion of the SMC request. When QSEE receives an SMC request using a command structure, it performs several checks on the request header to ensure validity. In particular, the following conditions must be satisfied for a command header to be considered valid (reverse engineered from a TrustZone image): 1. req.len >= 16 ( Is the command length larger than the fixed size of the request header? ) 2. req.buf offset < req.len ( Does the request input buffer reside within the command buffer? ) 3. req.buf offset >= 16 ( Does the request input buffer begin after the request header? ) 4. qsee is ns memory(req, req.len) == true ( Does the entire command buffer reside in non-secure memory? ) 2

Figure 1: QSEE command buffer. 5. req.resp hdr offset <= req.len - 16 ( Does the entire response header reside inside the command buffer? ) After sanity-checking the command structure, QSEE identifies and invokes the desired SMC handler (if it exists). On completion, if the input flags for the request indicate output is required, QSEE populates the output structure as follows: rsp.len = 12; rsp.buf_offset = 12; rsp.is_complete = 1; In this case, the address of the response header rsp is calculated as req + req.resp hdr offset. The qsee is ns memory() function (this is not the real name of this function, since source code is not available) is designed to check whether a range of memory has been marked as secure and is accessible only to TrustZone, or if it is non-secure and should be accessible to the Linux kernel. This function has a deficiency where it fails to handle integer overflows properly, and in fact explicitly allows for them by reversing the order of the arguments when one is unexpectedly greater than another. The following is approximate pseudocode of the involved functions: int qsee_is_ns_memory(long addr, long len) { return qsee_not_in_region(&region_list, addr, addr+len); 3

int qsee_not_in_region(void *list, long start, long end) { if (end < start) { tmp = start; start = end; end = tmp; // Perform validation... Note that if qsee not in region() is invoked with a start address greater than the end address, this function will reverse the order of these arguments. As a result, the following request header will cause QSEE to write the three words of the populated response header, 0x0000000c 0x0000000c 0x00000001, to arbitrary secure memory: req.len = 0xfffff000 req.buf_offset = 0xffffe000 req.resp_hdr_offset = target - req Glancing back at the validation, each sanity-checking condition is satisfied: 1. 0xfffff000 > 16 2. 0xffffe000 < 0xfffff000 3. 0xffffe000 >= 16 4. qsee is ns memory(req, 0xfffff000) == true 5. target - req < 0xfffff000-16 In particular, (4) is satisfied because an integer overflow will occur when adding the address of the command buffer (req) and its supposed length (0xfffff000) in the invocation of qsee not in region(), but this function will then reverse the order of the arguments such that the entire region being validated lies in non-secure memory and passes the check. The ability to write these three words to arbitrary secure memory can be leveraged to execute arbitrary code in the context of QSEE. 7 Impact The ability to execute arbitrary code in the context of QSEE results in the complete compromise of any applications leveraging TrustZone for security guarantees. In particular, this vulnerability may be used to compromise DRM 4

schemes, leak sensitive key materials, defeat operating system protection mechanisms, and in some cases (e.g. on some Motorola and HTC devices) manipulate software-programmable fuses to defeat secure boot. References [1] ARM Ltd. TEE reference documentation. http://www.arm.com/products/processors/technologies/trustzone/teereference-documentation.php, 2014. [2] ARM Ltd. Trustzone. http://www.arm.com/products/processors/technologies/trustzone/index.php, 2014. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback