Chip Chop - Smashing the Mobile Phone Secure Chip for Fun and Digital Forensics

Presented at Black Hat USA 2021, Aug. 5, 2021, 10:20 a.m. (40 minutes)

Hardware security modules in the form of Embedded Secure Element (eSE) hardware have been introduced in mobile phones, with a view towards increasing the security of critical system features and encrypted user data. On Android, this concept goes under names like "strongbox" and "tamper resistant hardware" (TRH).

The eSE is designed to remain secure even if the rest of the system is compromised, and to withstand both logical and physical attacks, including side channel attacks.

We present how we adapted current state-of-the-art attacks to the eSE platform and present a remote attack on a Common Criteria EAL 5+ (AVA_VAN.5) certified eSE by Samsung, S3K250AF, introduced in their premium mobile models with the Exynos chipset (Galaxy S20 and Note 20). We show how we discovered a critical 0-day vulnerability that can be exploited, leading to a complete compromise of all the eSE security goals and a full loss of future eSE trust, as mitigation of our attack in already fielded devices is challenging, as we exposed the embedded AES key used for encrypted FW updates.

Our eSE attack is performed using the eSE logical APDU communication and can be performed remotely by an attacker with root access in the Rich Execution Environment (REE). Current research is ongoing, to remove this rooted REE constraint, e.g. by doing a chip-off/on attack on the eSE and performing brute force using a Rubber Ducky or similar.

The ultimate result of our research facilitates digital forensic acquisition of affected devices in before-first-unlock (BFU) state, and we demonstrate how to conduct off-device brute force of user screen lock credentials.

Our attack exposes the gap between intended/promoted and achieved security, undermining the needed trust in certifications.

The vulnerability is patched (CVE-2020-28341 / SVE-2020-18632).

Presenters:

  • Gunnar Alendal - PhD Candidate, Norwegian University of Science and Technology
    Gunnar Alendal is a PhD candidate in the Department of Information Security and Communication Technology at Norwegian University of Science and Technology. He received his Cand.Scient. degree in Cryptography from the University of Bergen, Norway. He specializes in the use (and abuse) of cryptography, reverse engineering, malware detection, security vulnerabilities, and exploitation. He has extensive experience in the field and was the main contributor to the "got HW crypto?" research in 2015, which got some media attention.
