Slava Makkaveev - Digging into Xiaomi’s TEE to get to Chinese money

    Slava Makkaveev, Security Researcher, Check Point



    Presentation Title: Digging into Xiaomi’s TEE to get to Chinese money
    Length of presentation: 20 minutes
    Demo, Exploit

    The Far East and China accounted for two-thirds of global mobile payments in 2021. That is about $4 billion in mobile wallet transactions. Such a huge amount of money is sure to attract the attention of hackers. Have you ever wondered how safe it is to pay from a mobile device? Can a malicious app steal money from your digital wallet? To answer these questions, we researched the payment system built into Xiaomi smartphones based on MediaTek chips, which are very popular in China. As a result, we discovered vulnerabilities that allow forging payment packages or disabling the payment system directly from an unprivileged Android application.


    Mobile payment signatures are carried out in the Trusted Execution Environment (TEE), which remains secure on compromised devices. The attacker needs to hack the TEE in order to hack the payment. There is a lot of good research about mobile TEEs in the public domain, but no one pays attention to trusted apps written by device vendors like Xiaomi rather than by chip makers, even though the core of mobile payments is implemented there. In our research, we reviewed Xiaomi's TEE for security issues in order to find a way to scam WeChat Pay.


    SPEAKER BIO:
    Slava Makkaveev is a Security Researcher at Check Point Research. He holds a PhD in Computer Science. Slava found himself in the security field more than ten years ago and has since gained vast experience in reverse engineering and vulnerability research. Recently Slava has taken a particularly strong interest in mobile platforms and firmware security. Slava was a speaker at DEF CON, CanSecWest, REcon, HITB and others.


    REFERENCES:
    This is an innovative work based on our own reverse engineering experience. The only source of information that helped with the research is the Tencent Soter wiki page:

    https://github.com/Tencent/soter/wiki
