Our team did a deep dive into TEEGRIS, the newest TEE of Samsung. As a result, we proved that this TEE, introduced in 2019 for the Galaxy S10, can be fully compromised by a determined expert. The research is documented in a series of technical blogs, but here we summarize the results and lessons for the non-technical reader.
The TEEGRIS system builds on TrustZone, a secure layer on ARM chips that provides hardware support for separating secure and non-secure software. The Android operating system provides a service to client apps (e.g., a payment app) to interact through TEEGRIS with Trusted Apps (TAs), small software components that protect sensitive data, but also device drivers that give access to memory and peripherals. While the security concepts of a TEE are clear and well-defined, we show that the implementation is complex and error-prone. The various components are written in the C language, which allows for efficient code suited for low-level software with hardware dependencies. As the C language offers no built-in security, every component in TEEGRIS needs to protect itself and others by carefully validating all communication parameters.
In our research, we applied well-known security attack vectors and found vulnerabilities in a TA, a device driver, and the TEEGRIS kernel. Combined with a liberal setting allowing rollbacks of components to earlier (vulnerable) versions and a lack of granularity in the TEE design, these vulnerabilities gave us full access to the entire memory, exposing all sensitive information. The only remaining hurdle for an attacker would be to install a malicious app under the Android operating system. This would typically be done after rooting the phone, an operation available to well-funded attackers.
After reporting our findings to the smartphone vendor, all issues were patched, and users can mitigate the risk by updating their phones. However, we believe that the implementation complexity and inherent sensitivity of low-level software to security weaknesses are reasons for concern. Since the TEEs provide a dynamic solution, where new drivers and TAs may be added over time, there is a real risk of reoccurring issues. To reduce the risk of breaches, we recommend thorough evaluations of new and added versions of all TEE components.
Contributed by Marc Witteman, CEO, and Federico Menarini, Principal Security Analyst, Riscure. If you have any questions, contact us at inforequest@riscure.com.