1. Home
  2. Techniques
  3. Mobile
  4. Exploit TEE Vulnerability

Exploit TEE Vulnerability

A malicious app or other attack vector could be used to exploit vulnerabilities in code running within the Trusted Execution Environment (TEE) [1]. The adversary could then obtain privileges held by the TEE potentially including the ability to access cryptographic keys or other sensitive data [2]. Escalated operating system privileges may be first required in order to have the ability to attack the TEE [3]. If not, privileges within the TEE can potentially be used to exploit the operating system [4].

ID: T1405
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Platforms: Android
MTC ID: APP-27
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Mitigations

ID Mitigation Description
M1005 Application Vetting
M1001 Security Updates
M1006 Use Recent OS Version

References

  1. Josh Thomas and Charles Holmes. (2015, September). An infestation of dragons: Exploring vulnerabilities in the ARM TrustZone architecture. Retrieved December 9, 2016.
  2. laginimaineb. (2016, June). Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption. Retrieved December 9, 2016.
  1. Jan-Erik Ekberg. (2015, September 10). Android and trusted execution environments. Retrieved December 9, 2016.
  2. laginimaineb. (2016, May). War of the Worlds - Hijacking the Linux Kernel from QSEE. Retrieved December 21, 2016.