Breaking Samsung's ARM TrustZone

Conference:  BlackHat USA 2019



The presentation discusses the implementation of TrustZone technology on Samsung devices and the vulnerabilities found and exploited in the system.
  • TrustZone technology is used to access hardware-backed features and create advanced systems such as DRM
  • Samsung devices use either Exynos or Qualcomm TrustZone
  • Vulnerabilities were found in the trusted OS and secure drivers, allowing for privilege escalation and execution in EL3
  • The presentation provides an anecdote of exploiting a buffer overflow in the SVM trusted driver to gain access to sensitive operations
  • The vulnerability has been patched in newer versions of Samsung's resume
The presentation details the exploitation of a buffer overflow in the SVM trusted driver to gain access to sensitive operations. The vulnerability allowed for user control size and source to be copied directly into the stack, resulting in a textbook buffer overflow. This allowed for execution in EL3 and access to more sensitive operations, including mapping physical memory and creating slides. The vulnerability has since been patched in newer versions of Samsung's resume.


The increasing popularity of connected devices in recent years has led manufacturers to put a greater emphasis on security, finding themselves in need of robust designs that would protect their users. From these requirements emerged the ARM TrustZone, a system-wide hardware isolation technology. It introduces a trusted Secure World that can process code and data while ensuring their integrity and confidentiality. This Secure World can also watch over the user-controlled (and therefore untrusted) Normal World to verify its integrity, similarly to the mechanism implemented in Samsung's TIMA.It can also access hardware peripherals, such as keyboards, screens, or crypto-processors in a secure and isolated manner to create trusted UIs, implement DRMs, etc. All the sensitive data and the critical interruptions are directly handled by the Secure World without ever passing through the Normal World.However, the usage of this technology comes at a cost. By widening the attack surface and exposing privileged components, TrustZone can potentially introduce a single point of failure that allows the compromission of the entire system. Using Samsung's TrustZone implementation as a target, this presentation explains and demonstrates how this new attack surface can be leveraged to hijack and exploit trusted components. After explaining the internals and interactions of these components developed by Samsung, different vulnerabilities will be detailed and exploited to execute code at EL3, the highest privilege level on an ARM-based system.