While the security of mobile operating systems is one of the most researched topics today, exploiting and rootkitting ARM-based devices is becoming more and more interesting. This article focuses on the exploitation of TEEs (Trusted Execution Environments) running in ARM TrustZone to hide a TrustZone-based rootkit.

First, let's take a look at what we are protecting on our modern mobile phones:

  1. Our communication – whether calls or text messages
  2. Our data – many people keep documents on their phones (business documents, presentations, contracts and so on)
  3. Our credentials – email passwords, different types of keys, etc.
  4. Our payments – online wallets (Google Wallet, Yahoo Wallet), PayPal and other bank information

Let's look at some well-known rootkits that succeeded in collecting information from mobile phones while remaining hidden for a long time.

CarrierIQ

Used for logging user keystrokes, recording telephone calls, storing text messages and tracking location; on top of that, it was difficult or impossible to disable.

The software is meant to improve the customer experience; however, in nearly every case users do not know of CarrierIQ's existence, as it runs hidden in the background and does not require the user's consent to function.

This rootkit was discovered by Trevor Eckhart, who demonstrated in a video that CarrierIQ is tracking our data.

http://www.youtube.com/watch?&v=T17XQI_AYNo

At the end, his questions are:

- Why do key presses submit UI01 & unique key codes?

- Why does SMSNotify get called and show to be dispatching text messages to CarrierIQ?

- Why is my Browser data being read, especially HTTPs on my WiFi?

- Why is this not opt-in and Why is it so hard to FULLY remove?

What can you do?

Trevor Eckhart created a tool called Logging TestApp, which turned into a full security suite and can be used to verify what logging is being done on your phone and where the data is going. It will assist you in manually removing parts you did not know were running. Alternatively, the pro version of Logging TestApp, which automates everything, is available in the Android Marketplace for $1 and has also proven successful in most situations.

FinFisher – FinSpy

FinSpy is a remote monitoring solution that enables governments, agencies and companies to monitor mobile phones. It has been used in operations around the world for many years to gather intelligence about target individuals and organizations. It is spread via links, email attachments and infected websites.

FinFisher was made by a company called Gamma International and is marketed as a powerful tool for secretly accessing the computers of suspected criminals and terrorists. Once it has infected your computer, FinFisher is not detected by anti-virus or anti-spyware software. Some of FinFisher's capabilities are the following: it steals passwords from your computer, allowing access to your e-mail accounts; it wiretaps your Skype calls; it turns on your computer's camera and microphone to record conversations and video from the room you are in.

A quick description of the FinSpy tool, collected by Privacy International among others and posted on Wikileaks, makes a series of claims about its functionality:

  • Bypassing of 40 regularly tested Antivirus Systems
  • Covert Communication with Headquarters
  • Full Skype Monitoring (Calls, Chats, File Transfers, Video, Contact List)
  • Recording of common communication like Email, Chats and Voice-over-IP
  • Live Surveillance through Webcam and Microphone
  • Country Tracing of Target
  • Silent Extracting of Files from Hard-Disk
  • Process-based Key-logger for faster analysis
  • Live Remote Forensics on Target System
  • Advanced Filters to record only important information
  • Supports most common Operating Systems (Windows, Mac OSX and Linux)

Be wary of opening unsolicited attachments received via email, Skype or any other communications mechanism. If you believe that you are being targeted it pays to be especially cautious when downloading files over the Internet, even from links that are purportedly sent by friends.

You can find some very well explained articles regarding FinFisher on citizenlab.org (see the links in the References section).

Where can rootkits hide?

On mobile phones there are essentially two places where a rootkit can hide successfully: the application processor (CPU) and the baseband. On most platforms both the CPU and the baseband have full memory access, so if you own the baseband you effectively own the device. Alongside the CPU and baseband there is a small hardware addition by ARM called TrustZone, and that is what the rest of this article focuses on.

The ARM processor is a 32-bit processor built on a reduced instruction set computer (RISC) instruction set architecture (ISA). ARM processors are microprocessors used in as many as 98% of mobile phones sold each year. They are also used in personal digital assistants (PDAs), digital media and music players, hand-held gaming systems, calculators, and even computer hard drives.

TrustZone is basically a hardware security extension built into your ARM processor that allows the processor to switch into a "secure mode", which hopefully executes only trusted code.

Here are other TrustZone functions:

  • Secure access to the screen, keyboard and other peripherals
  • Tries to protect against malware, Trojans and rootkits
  • So-called TEEs (Trusted Execution Environments) run on it
  • Splits the CPU into two worlds, secure and normal
  • Communication between the two worlds is done via shared memory mappings

A Trusted Execution Environment is a small operating system running in TrustZone that provides services to the main operating system. To better understand TEEs, we can look at Netflix as an example:

  • Requires a device certification
  • For SD, the device just needs to be fast enough to play video
  • For HD, the labels require 'end-to-end' DRM, so that the video stream cannot be grabbed at any point
  • Video decoding runs in TrustZone with direct access to the screen, so there is no way to record it from Android

The image below by Thomas Roth explains perfectly how the whole system works, connecting the normal world and the secure world together.

The Secure Monitor Call (SMC) handler takes the request received from the normal or secure world, stores the registers of the current world, loads the registers of the new world, toggles the NS bit and executes the application.

Memory allocation by Thomas Roth

The normal world can only access its own memory and the shared segment; the secure world can access everything.

The boot process starts the trusted segment first, then the normal segment, as shown below (image by Thomas Roth).

Basically, the vendor installs a small operating system in a part of the CPU, and this OS can do anything. Third-party apps can be installed on it as well.
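To make the SMC world switch, the memory rule and the boot order described above concrete, here is a small C model written for this article; it is not code from Thomas Roth's slides or from any real monitor, and the address ranges, the `cpu_model` structure and the modelled `scr_ns` bit are assumptions of the model only.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
/* Constructed address map for the model only, not a real SoC layout. */
#define SECURE_BASE 0x10000000u
#define SHARED_BASE 0x20000000u
#define NORMAL_BASE 0x30000000u
#define NORMAL_END  0x3FFFFFFFu   /* shared and normal segments are adjacent */
enum { WORLD_SECURE = 0, WORLD_NORMAL = 1 };
typedef struct { uint32_t r0, sp; } world_ctx;   /* two registers are enough here */
typedef struct {
    int       scr_ns;   /* modelled NS bit: 0 = secure world, 1 = normal world */
    world_ctx ctx[2];   /* saved register set of each world */
    world_ctx live;     /* registers of the world currently running */
} cpu_model;

/* Policy from the text: normal world sees its own and the shared segment only; secure sees all. */
bool access_allowed(const cpu_model *cpu, uint32_t addr) {
    if (!cpu->scr_ns) return true;
    return addr >= SHARED_BASE && addr <= NORMAL_END;
}

/* SMC: store current world's registers, load the other's, pass the request in r0, toggle NS. */
int smc_handler(cpu_model *cpu, uint32_t request) {
    int cur = cpu->scr_ns ? WORLD_NORMAL : WORLD_SECURE, next = cur ^ 1;
    cpu->ctx[cur] = cpu->live;
    cpu->live     = cpu->ctx[next];
    cpu->live.r0  = request;
    cpu->scr_ns   = (next == WORLD_NORMAL);
    return next;            /* the world that is now running */
}

/* Boot order from the text: the trusted (secure) side comes up first. */
void cpu_init(cpu_model *cpu) {
    memset(cpu, 0, sizeof *cpu);
    cpu->ctx[WORLD_SECURE].sp = SECURE_BASE + 0x1000;
    cpu->ctx[WORLD_NORMAL].sp = NORMAL_BASE + 0x1000;
    cpu->live = cpu->ctx[WORLD_SECURE];
}

/* Walk secure -> normal -> secure; returns 15 when every stage matches the description. */
unsigned world_switch_demo(void) {
    cpu_model cpu; unsigned obs = 0;
    cpu_init(&cpu);
    if (!cpu.scr_ns && access_allowed(&cpu, NORMAL_BASE)) obs |= 1u;   /* secure sees all */
    if (smc_handler(&cpu, 0x42) == WORLD_NORMAL && cpu.live.sp == NORMAL_BASE + 0x1000) obs |= 2u;
    if (!access_allowed(&cpu, SECURE_BASE) && access_allowed(&cpu, SHARED_BASE)) obs |= 4u;
    if (smc_handler(&cpu, 7) == WORLD_SECURE && cpu.live.r0 == 7 && cpu.live.sp == SECURE_BASE + 0x1000) obs |= 8u;
    return obs;
}
```

The point for a defender is that everything in the secure world sits below the normal-world OS's view of memory, which is exactly why code hidden there is invisible to tools running in Android.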

Knowing these facts, let's see what we need to build a rootkit in TrustZone.

OMAP HS development board (Open Multimedia Applications Platform):

  • Connectivity and system integration
  • Support for best-in-class video, graphics and multimedia performance
  • Security – OMAP processors support secure boot and secure run time
  • Vision analytics – a distributed vision processing (DVP) framework that includes a programmable DSP
  • OMAP processors provide hardware and software support for virtualization and cloud computing
  • Packaging – TI offers OMAP processors in a variety of package options
  • System performance that supports a range of applications and demands
  • Quality and reliability – rigorous quality assurance practices and a zero-DPPM strategy to continuously improve its products

QEMU (Quick EMUlator), a hosted virtual machine monitor:

  • It emulates central processing units through dynamic binary translation and provides a set of device models, enabling it to run a variety of unmodified guest operating systems.
  • It also provides an accelerated mode that mixes binary translation (for kernel code) with native execution (for user code), in the same fashion as VMware Workstation and VirtualBox.
  • QEMU can also be used purely for CPU emulation of user-level processes, allowing applications compiled for one architecture to be run on another.

TEE (Trusted Execution Environment)

  • Used to protect the secure kernel and peripherals from code running in the primary operating system
  • Supports ARM11
  • Allows multiple operating systems such as Android, Linux, BSD and other "normal world" OSes
  • Minimizes memory and system overhead

Note: a tutorial on how to create a small virus for Android can be found in the References links.

Supposing you have already created your rootkit and integrated it inside TrustZone, there are a few things to keep in mind:

  • Have a different execution environment, separate from the normal OS
  • Be sure you have covered your traces in order to keep access for a long time
  • Regain control of the CPU regularly in order to access user data and manipulate memory

How to infect other phones?

  • Using infected apps
  • Via updates
  • Baseband attack

How to avoid infection on your phone?

  • Latency
  • Be paranoid
  • Triple-check the source of your apps and be sure you are installing apps from trusted vendors.

References

  1. Trevor Eckhart – CarrierIQ
  2. Xda-developers – Logging TestApp
  3. FinFisher – Wikileaks
  4. FinFisher spykit exposed by citizenlab.org
  5. Bootloader Project – wikipedia page
  6. Generic emulator – QEMU
  7. Open Virtualization – TEE
  8. Create a virus for android
  9. HIP13 – Next generation rootkits for ARM based devices