ABSTRACT
Mobile systems have become widely adopted by users to perform sensitive operations ranging from online payments for personal use to remote access to enterprise assets. Thus, attacks on mobile devices can cause significant loss to users' personal data as well as to valuable enterprise assets. In order to mitigate risks arising from attacks, various approaches have been proposed, including the use of a Trusted Execution Environment (TEE) to isolate and protect the execution of sensitive code from the rest of the system, e.g. applications and other software. However, users remain at risk of exploits via several types of software vulnerabilities, indicating that enterprises have failed to deliver the required protection despite the use of existing isolation technologies. In this paper, we investigate Samsung KNOX and its usage of TEE as the current technology providing secure containers. First, we study how KNOX uses TEE and analyse its design considerations from a system vulnerabilities perspective. Second, we analyse and discuss recent attacks on KNOX and how those attacks exploit system vulnerabilities. Finally, we present new shortcomings emerging from our analysis of the KNOX architecture. Our research shows that system vulnerabilities are the underlying cause of many attacks on systems, and it reveals how they affect fundamental design security principles when the full potential of TEE is not exploited.
- Analysis of Trusted Execution Environment usage in Samsung KNOX