DroneSec_EMFI.pdf
1.6 MB
📡Drone Security and Fault Injection Attacks
"IOActive has been researching the possibility of using non-invasive techniques, such as electromagnetic (EM) side-channel attacks or EM fault injection (EMFI), to achieve code execution on a commercially available drone with significant security features. For this work, we chose one of the most popular drone models, DJI’s Mavic Pro. DJI is a seasoned manufacturer that emphasizes security in their products with features such as signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot."
#DJI_Mavic_Pro #Drone #UAV #RF #SCA #Timing_Attack #Power_Analysis #EMFI #fw #cryptography #security #exploitation #memory_corruption #code_execution
Forwarded from Private Shizo
Recon23-Android-FBE-mrossibellom-dmelotti.pdf
5.3 MB
📲Dissecting the Modern Android Data Encryption Scheme
"In this talk, we (@max_r_b & @DamianoMelotti) present the logic behind the generation and storage of the keys for Android's user data encryption, called File-Based Encryption. Referencing the implementation in the AOSP (Android Open Source Project), we follow the steps performed by the system to generate the final encryption keys.
Analyzing this process, we describe how elements from the file system, TEE and Secure Element (when present) are combined with the user's credentials, which still remain essential in the derivation. In two scenarios, one relying on TrustZone (and the Gatekeeper TA), and one relying on a security chip (implementing Weaver), we show strategies on how they can be attacked. In this context we use two known software vulnerabilities to build a PoC on a Samsung A22 and on a Pixel 3a, to highlight the difficulties that one may face with this task."