Hardwear.io USA 2025
This paper examines the hardware-based security mechanisms of the Samsung Galaxy S4 and the vulnerabilities in them, focusing on ARM TrustZone and the Secure JTAG interface. ARM TrustZone enforces isolation between the secure world and the non-secure world, while Secure JTAG provides debug and test access during manufacturing and is meant to be locked down by one-time-programmable fuses before a device ships. Despite these protections, and despite the device's FIPS certification (which attests to its validated cryptographic module, not to the integrity of the boot chain or the debug lock), this paper identifies significant weaknesses.
The paper outlines a novel approach to exploiting these weaknesses and demonstrates it in practice: bypassing the anti-rollback mechanism, re-enabling Secure JTAG access, and running a custom bootloader on a fused production device. These findings expose critical gaps in the device's security model and offer practical lessons for hardening mobile devices.
The research underscores the importance of rigorous adversarial testing and continuous improvement of hardware-based security protections in mobile devices.
Ryan Grachek (aka OscarDaGrach) is a self-taught security researcher currently working in the semiconductor industry. He has been taking apart everything he owns since childhood, always wondering "How does it work?"