Title

ARM TrustZone Security Adventures on Android

Presenter

Marcel Busch

Abstract

Android powers billions of devices worldwide, making the security of its system software critical to protecting users. In this talk, I present how we break and harden key components of Android’s trusted computing base. First, we expose design flaws in Trusted Applications that enable critical type confusion bugs and persistent rollback attacks in Trusted Execution Environments (TEEs). Second, we break into the Trusted Firmware layer by developing new techniques to rehost and fuzz secure monitor code, uncovering high-impact vulnerabilities in ARM TrustZone firmware. These results highlight systemic gaps in Android’s security model and point the way toward a stronger, more resilient platform.