Conversation

If you are curious how all this thing works, check out this wiki page for a brief intro. en.wikipedia.org/wiki/Trusted_e As I said, if you manage to break into TEE, publish a paper, be famous (academically), and enjoy the bounty money 😉

Quote Tweet

John Wu

@topjohnwu

Mar 11, 2020

To hack this thing, you have to either find a vulnerability in TEE firmware (which will be patched ASAP once found) or hardware (less likely to happen) to break the cryptography. Breaking TEE won't be easy, which is why many security researchers are actively working on it.

Show this thread

118

Replying to

The bounty money is quite good, too. Up to $250K for RCE in the Pixel TEE, and up to $1M for the Titan M. As the author of keymaster and owner of keystore attestation, I strongly encourage everyone to find the vulns and collect the bounties! So we can fix the vulns, of course.

Replying to

and

If I'm not mistaken, Safetynet's security relies on all the ecosystem's TEE safety, not just Pixels. Once one is broken, everyone using Magisk (or whatever) can jump on this private key+fp. And from my lengthy experience, Android doesn't spend time towards its ecosystem's safety.

Replying to

and

pointed out, can't those keys just be revoked?

Replying to

Of course, but will Google actually revoke them? Say you have a security flaw in Qualcomm's bootloader, will Google revoke every single Qualcomm device? When (not if.) that happen, will they close their money-maker Google Pay to 100M+ customers?

Replying to

Yes, we will revoke them. If the keys are leaked, we'll revoke them. If the firmware has an unrecoverable flaw, we'll revoke them. If the firmware has a flaw that can be fixed via OTA, we'll analyze the situation to decide if that is adequate.

Replying to

Note that a decision to revoke by the Android security team is separate from a decision to honor that revocation, or not, by the SafetyNet team; I can't speak for them. I think their default position will be to honor our revocation, though.

Replying to

They could also choose to pass more information through to developers. They could add a field for whether hardware-based attestation was used. Of course, developers can use it on their own if they care about enforcing stronger properties than it does.

developer.android.com

SafetyNet Attestation API | Android Developers

The SafetyNet Attestation API provides services for determining whether a device running your app satisfies Android compatibility tests.

8:38 PM · Mar 11, 2020Twitter Web App

Likes