logo
allArticlesConferencesPresentations

Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch

Conference:  Defcon 26

2018-08-01

Summary

The presentation discusses the Tizen security internals and how privilege violations can impact various system services of the Gear SmartWatch. The speaker introduces a tool called Dan, which automatically evaluates privileged verification of Deva services and identifies potential privilege violations.
  • The presentation discusses the Tizen security internals and how privilege violations can impact various system services of the Gear SmartWatch
  • The speaker introduces a tool called Dan, which automatically evaluates privileged verification of Deva services and identifies potential privilege violations
  • The presentation provides a background on Tizen security internals and the three checkpoints for securing services
  • The speaker discusses how the Dan tool works and the steps involved in identifying potential privilege violations
  • The presentation concludes with a discussion on the possibility of applying the tool to other Tizen systems and advanced work on bypassing official mitigations enforced by Galaxy S4
The speaker demonstrates how the Dan tool works by using it to scan the Deva structure of the Samsung Gear SmartWatch. The tool identified over 130,000 readable properties and over 2,000 callable methods, but also produced some false positives. The speaker emphasizes the importance of identifying potential privilege violations to ensure the security of system services.

Abstract

You buy a brand-new smartwatch. You receive emails and send messages, right on your wrist. How convenient, this mighty power! But great power always comes with great responsibility. Smartwatches hold precious information just like smartphones, so do they actually fulfill their responsibilities? In this talk, we will investigate if the Samsung Gear smartwatch series properly screens unauthorized access to user information. More specifically, we will focus on a communication channel between applications and system services, and how each internal Tizen OS components play the parts in access control. Based on the analysis, we have developed a new simple tool to discover privilege violations in Tizen-based products. We will present an analysis on the Gear smartwatch which turns out to include a number of vulnerabilities in system services. We will disclose several previously unknown exploits in this presentation. They enable an unprivileged application to take over the wireless services, the user’s email account, and more. Further discussions will center on the distribution of those exploits through a registered application in the market, and the causes of the vulnerabilities in detail.
Materials:
Tags:

Post a comment

Related work

Aikido: Turning EDRs to Malicious Wipers Using 0-day Exploits

Conference:  RSA Conference 2023
Authors: Or Yair
2023-04-24

The Price of Convenience: How Security Vulnerabilities in Global Transportation Payment Systems Can Cost You

Conference:  Defcon 31
Authors: Omer Attias Security Researcher at SafeBreach
2023-08-01

Breaking Samsung's ARM TrustZone

Conference:  BlackHat USA 2019
Authors:
2019-08-08

Container Attack Surface Reduction Beyond Name Space Isolation

Conference:  BlackHat EU 2018
Authors:
2018-12-05

Breaking Managed Data Services in the Cloud

Conference:  Black Hat Asia 2023
Authors: Yoav Alon, Tzah Pahima, Yanir Tsarimi
2023-05-12

Why so Spurious? How a Highly Error-Prone x86/x64 CPU "Feature" can be Abused to Achieve Local Privilege Escalation on Many Operating Systems

Conference:  BlackHat USA 2018
Authors:
2018-08-08