Details

Autor(en) / Beteiligte

• Fanjas, Clément
• Gaine, Clément
• Aboulkassimi, Driss
• Pontié, Simon
• Potin, Olivier

Titel

Combined Fault Injection and Real-Time Side-Channel Analysis for Android Secure-Boot Bypassing

Ist Teil von

• Lecture notes in computer science, 2023, Vol.13820, p.25-44

Ort / Verlag

Cham: Springer International Publishing

Erscheinungsjahr

2023

Link zum Volltext

Quelle

Alma/SFX Local Collection

Beschreibungen/Notizen

• The Secure-Boot is a critical security feature in modern devices based on System-on-Chips (SoC). It ensures the authenticity and integrity of the code before its execution, avoiding the SoC to run malicious code. To the best of our knowledge, this paper presents the first bypass of an Android Secure-Boot by using an Electromagnetic Fault Injection (EMFI). Two hardware characterization methods are combined to conduct this experiment. A real-time Side-Channel Analysis (SCA) is used to synchronize an EMFI during the Linux Kernel authentication step of the Android Secure-Boot of a smartphone-grade SoC. This new synchronization method is called Synchronization by Frequency Detection (SFD). It is based on the detection of the activation of a characteristic frequency in the target electromagnetic emanations. In this work we present a proof-of-concept of this new triggering method. By triggering the attack upon the activation of this characteristic frequency, we successfully bypassed this security feature, effectively running Android OS with a compromised Linux Kernel with one success every 15 min.