ARM TrustZone can be attacked via power management software

September 29, 2017 //By Nick Flaherty
Researchers at Columbia University in New York have shown that ARM’s TrustZone technology can be vulnerable to side channel attacks using power consumption and clock data.

The CLKSCREW project was shown at the recent Usenix Security conference and is signficant as it just uses software. Other side channel attacks using differential power analysis have to have access to the hardware to measure the energy use of the power lines. 

Instead, CLKSCREW exploits the software that controls the dynamic voltage scaling induce faulty computations in the security subsystem, dramatically reducing the number of possible encryption keys. This then leaves the system open to a ‘brute force’ attack to work out the keys.

“This is dangerous when these faults can be induced from lower privileged software across hardware-enforced boundaries, where security sensitive computations are hosted,” say the researchers, led by Adrian Tang. This particular vulnerability is important as it unlike physical fault attacks, it enables fault attacks to be conducted purely from software. Remote exploitation with CLKSCREW becomes possible without the need for physical access to target devices.

CLKSCREW has been tested out on Google's Nexus 6 smartphone, which uses the same power management chip as the Samsung Galaxy Note 4 which would also be vulnerable.