Explore the intricacies of the Trusted Execution Environment (TEE) and its role in protecting critical mobile device data in this conference talk from Recon 2019. Delve into the speaker's methodology for automatically discovering vulnerabilities in trusted components within Qualcomm's TEE, which is backed by ARM TrustZone. Learn about the isolated virtual Secure World running on Qualcomm's dedicated OS and how trusted apps handle mobile data security. Discover the challenges and techniques involved in reverse engineering the Qualcomm TrustZone ecosystem, including executing trusted apps in the Normal World, bypassing Qualcomm's Chain of Trust, and adapting apps for different manufacturers' devices. Gain insights into the process of building a functional fuzzer for TrustZone apps and understand why these apps are prime targets for fuzzing-based vulnerability research due to their internal structure and TEE architecture.
Overview
Syllabus
Recon 2019 - The Road to Qualcomm Trust Zone apps fuzzing by Slava Makkaveev
Taught by
Recon Conference