Overview
Explore the intricacies of TrustZone technology and its implementation in modern ARM-driven smartphones through this 43-minute conference talk from the Hack In The Box Security Conference. Dive into the concept of hardware isolation for secure data processing, understanding the division between Normal World and Secure World. Learn about the potential security implications of breaching TrustZone, including compromising the Root of Trust and achieving rootkit persistence. Focus on techniques for accessing TrustZone from Android userspace in Samsung Galaxy smartphones, specifically examining the Trustonic implementation of the Trusted Execution Environment (TEE). Discover the vulnerabilities in trusted applications (trustlets) and gain insights into an innovative approach for automatically uncovering these vulnerabilities using feedback-driven fuzzing with AFL. Benefit from the speaker's expertise in binary security analysis, CPU architectures, and operating systems as you explore universal approaches for bug hunting in complex technology stacks.
Syllabus
#HITBGSEC D2: Launching Feedback-Driven Fuzzing On TrustZone TEE - Andrey Akimov
Taught by
Hack In The Box Security Conference