Exploiting QSEE, The Raelize Way

Explore the vulnerabilities and exploitation techniques of Qualcomm's Trusted Execution Environment (QSEE) in this comprehensive conference talk from HITB2021AMS. Delve into the technical details of software vulnerabilities discovered in QSEE on Qualcomm IPQ40xx-based networking devices, and learn how these were exploited to achieve arbitrary code execution. Examine the innovative approach of using Electromagnetic Fault Injection (EMFI) attacks to compromise the TEE without relying on software vulnerabilities. Gain insights into the system-level perspective on security, understanding how both software architecture and hardware resilience contribute to overall device security. Analyze the impact of these vulnerabilities on affected devices and discuss the challenges in addressing hardware-based security issues. Benefit from the expertise of seasoned security researchers Cristofaro Mune and Niek Timmers as they share their findings on TEE exploitation, fault injection techniques, and the broader implications for embedded device security.