The ARM TrustZone technology is a System on Chip (SoC) representing a secure area of the main processor included in Android smartphones.
It is a special section of the Android kernel that runs its own operating system — the TrustZone OS — that works separately from the main Android OS.
TrustZone is tasked with creating a secure zone where the Android OS can run the most crucial and sensitive operations, like the ones that handle encrypted data. These operations run as special apps — named trustlets — inside the TrustZone OS.
When TrustZone OS loads a trustlet, it first checks its cryptographic digital signature to see if it is signed by the right party. This integrity check aims at removing the risk of loading tampered trustlets.
“The threat is caused by the fact that the trustlets (trusted applications) lack version rollback prevention, and use the same key pair for different firmware versions,” Yue Chen, one of the researchers, told Bleeping Computer via email.
This means attackers can replace new trustlets with older versions of the same trustlet without the TrustZone OS ever noticing the switch, because the cryptographic keys are the same.
