Breaking Samsung's Root of Trust: Exploiting Samsung S10 Secure Boot

Video Link: https://www.youtube.com/watch?v=kgCuhFxGuQU



Duration: 36:37


Cheng-Yu Chao | Senior Researcher, TeamT5
Hung Chi Su | Senior Researcher, TeamT5
Che-Yang Wu | Senior Researcher, TeamT5
Date: Wednesday, August 5 | 1:30pm-2:10pm
Format: 40-Minute Briefings
Tracks: Mobile, Exploit Development

As the smartphone manufacturer with the highest market share, Samsung implements a series of protections on Android, called the Knox Platform, to ensure the security of its smartphones. During the boot process, Samsung uses S-Boot (Secure Boot) to make sure the device can only boot a stock image. If the device tries to boot a custom image, it will trip a one-time programmable e-fuse bit (a.k.a. the Knox bit). Once a TrustZone app (trustlet) detects that the Knox bit has been tripped, it will delete the encryption key for the sensitive data to prevent unauthorized data access to the locked phone.

In this presentation, we'll present several vulnerabilities we found in S-Boot that are related to USB request handling. By exploiting these vulnerabilities, we are able to bypass the mitigations of S-Boot through the USB device and obtain code execution in the early boot stage. In other words, as long as we have the phone (whether locked or not) and a USB-C connector, we'll be able to boot a custom image without tripping the Knox bit, allowing us to retrieve sensitive data from a locked device.

We will also describe in detail how we discovered and exploited the vulnerabilities, demonstrate the exploit on a Samsung Galaxy S10 smartphone, and discuss the possible impact of these vulnerabilities.

Black Hat - USA - 2020 Hacking conference