Explore the world of next-generation mobile rootkits in this Black Hat EU 2013 conference talk. Delve into the use of hardware security features in last-generation ARM processors to create and conceal rootkits that are virtually undetectable by operating systems. Learn about TrustZone technology, Trusted Execution Environments, and their applications in mobile security. Discover the attacker model, memory management in TrustZone, and the boot process for these advanced rootkits. Gain insights into hardware support, testing environments, and rootkit scheduling techniques. Examine IRQ interception, Secure World setup, and communication methods. Understand the challenges of interoperability and detection methods for these sophisticated mobile threats. Benefit from the speaker's practical experience in developing and hiding an actual rootkit using these cutting-edge techniques.
Overview
Syllabus
Intro
Mobile rootkits
What is TrustZone?
About TrustZone
Trusted Execution Environments
Example: Netflix
Attacker Model
How does it work?
Memory in TrustZone
Boot process
By the way
Hardware support
Where to test?
Scheduling the rootkit
IRQ'interception
Secure World Memory Setup
Secure World Initialization
Monitor setup
Lockdown: SCR
Start operating system
Communication
Interoperability
Detection methods
Thank you for staying!
Taught by
Black Hat
