[Cryptography] programable computers inside our computers (was: Hasty PRISM proofing considered harmful)
Scott G. Kelly
scott at hyperthought.com
Tue Oct 22 21:47:45 EDT 2013
On Tuesday, October 22, 2013 9:29am, "Tom Ritter" <tom at ritter.vg> said:
<trimmed...>
> And to add another, there was a presentation on ARM TrustZone, the OS
> inside your CPU, that's seems so designed for backdoors that ARM
> actually gives tips for running TrustZone invisible to the normal OS.
> https://www.hackinparis.com/sites/hackinparis.com/files/Slidesthomasroth.pdf
>
> These are increasingly worrying me as well. The Secure Element on
> Android can at least (if you root and edit the .xml file) be queried
> to learn identifiers of what is installed there, if not directly
> interact with them.
I gave a talk on this at cansecwest last year:
http://cansecwest.com/csw12/RootProof-CSW2012-v1_1.pptx
I don't think ARM would ever promote secret code and back doors, but there is nothing they can do to prevent someone for using TZ in that manner. Your Android code runs "in the matrix". Good thing we can trust our providers.
--Scott
More information about the cryptography
mailing list