[147819] in cryptography@c2.net mail archive
Re: [Cryptography]
daemon@ATHENA.MIT.EDU (Scott G. Kelly)
Tue Oct 22 22:27:54 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 22 Oct 2013 18:47:45 -0700 (PDT)
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "Tom Ritter" <tom@ritter.vg>
In-Reply-To: <CA+cU71nbJ9_dcvij=SeLZ=+fSAbEL89MB-8XtgYzazhaPwfJRw@mail.gmail.com>
Cc: Ruben Pollan <meskio@sindominio.net>,
Viktor Dukhovni <cryptography@dukhovni.org>, cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Tuesday, October 22, 2013 9:29am, "Tom Ritter" <tom@ritter.vg> said:
<trimmed...>
> And to add another, there was a presentation on ARM TrustZone, the OS
> inside your CPU, that's seems so designed for backdoors that ARM
> actually gives tips for running TrustZone invisible to the normal OS.
> https://www.hackinparis.com/sites/hackinparis.com/files/Slidesthomasroth.pdf
>
> These are increasingly worrying me as well. The Secure Element on
> Android can at least (if you root and edit the .xml file) be queried
> to learn identifiers of what is installed there, if not directly
> interact with them.
I gave a talk on this at cansecwest last year:
http://cansecwest.com/csw12/RootProof-CSW2012-v1_1.pptx
I don't think ARM would ever promote secret code and back doors, but there is nothing they can do to prevent someone for using TZ in that manner. Your Android code runs "in the matrix". Good thing we can trust our providers.
--Scott
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
