T1405 Exploit TEE Vulnerability
A malicious app or other attack vector could be used to exploit vulnerabilities in code running within the Trusted Execution Environment (TEE) 1. The adversary could then obtain privileges held by the TEE potentially including the ability to access cryptographic keys or other sensitive data 2. Escalated operating system privileges may be first required in order to have the ability to attack the TEE 3. If not, privileges within the TEE can potentially be used to exploit the operating system 4.
| Item | Value |
|---|---|
| ID | T1405 |
| Sub-techniques | |
| Tactics | TA0031, TA0029 |
| Platforms | Android |
| Version | 1.0 |
| Created | 25 October 2017 |
| Last Modified | 17 October 2018 |
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| M1005 | Application Vetting | - |
| M1001 | Security Updates | - |
| M1006 | Use Recent OS Version | - |
References
-
Josh Thomas and Charles Holmes. (2015, September). An infestation of dragons: Exploring vulnerabilities in the ARM TrustZone architecture. Retrieved December 9, 2016. ↩
-
laginimaineb. (2016, June). Extracting Qualcomm’s KeyMaster Keys - Breaking Android Full Disk Encryption. Retrieved December 9, 2016. ↩
-
Jan-Erik Ekberg. (2015, September 10). Android and trusted execution environments. Retrieved December 9, 2016. ↩
-
laginimaineb. (2016, May). War of the Worlds - Hijacking the Linux Kernel from QSEE. Retrieved December 21, 2016. ↩