Our recent investigation into the integration of blockchain technology with mobile devices has brought to light significant security concerns. These go beyond software risks to include potentially serious hardware vulnerabilities.
When it comes to security, defense in depth is the best approach. It's a strategy that employs multiple layers of security, rather than relying on a single solution. For a mobile Web3 wallet, this means not just focusing on one aspect of security—like the operating system or the secure hardware—but incorporating a comprehensive array of protective measures.
Each layer plays a pivotal role in fortifying the wallet's defenses. It’s a misconception to assume that any single layer, on its own, is sufficient. With various attack scenarios in the wild, placing all bets on one form of defense is a gamble that could expose users to significant risks.
We found that, under certain conditions, a threat actor could install custom firmware containing a root backdoor on a popular Web3-targeted phone and thereby read all of the device's plaintext data. Because flashing such firmware requires unlocking the bootloader, which completely resets and erases the device, this is not a realistic "borrow, tamper, return" attack: a phone that was stolen, backdoored and handed back would come back factory-reset, and the owner would notice. The realistic threat is in the supply chain: a customer receives a device that was tampered with before it ever reached them, and uses it from day one without knowing a backdoor is present.
The risk of unlocked bootloaders is not unique to the Solana phone; it applies to any device that allows its bootloader to be unlocked and then boots unsigned or custom images. Many manufacturers, however, ship devices with the bootloader locked and enforce verified boot, which greatly reduces the risk.
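As a concrete check for the scenario above (an added example, not part of the original CertiK post and not vendor tooling): the script below parses the output of `adb shell getprop` and flags a device whose bootloader is unlocked or whose boot chain is not verified. The property names are the standard Android Verified Boot ones; the two getprop dumps are constructed for illustration, not captured from the Solana phone or any other device.

```python
import re

# Properties reported by the bootloader / Android Verified Boot (AVB).
# A locked, verified device reports verifiedbootstate=green, flash.locked=1
# and vbmeta.device_state=locked. Anything else means the device may be
# running custom or unverified firmware, the precondition for the
# backdoored-ROM scenario described in the text.
EXPECTED = {
    "ro.boot.verifiedbootstate": "green",     # green / yellow / orange / red
    "ro.boot.flash.locked": "1",              # 1 = bootloader locked
    "ro.boot.vbmeta.device_state": "locked",  # locked / unlocked
    "ro.boot.veritymode": "enforcing",        # dm-verity enforcing
}

PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")


def parse_getprop(text: str) -> dict:
    """Parse the `[key]: [value]` lines printed by `adb shell getprop`."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def assess_boot_state(text: str) -> dict:
    """Return {'trusted': bool, 'findings': [...]} for a getprop dump.

    A missing property counts as a finding: a bootloader that does not report
    its state gives no evidence that the boot chain was verified.
    """
    props = parse_getprop(text)
    findings = []
    for key, want in EXPECTED.items():
        got = props.get(key)
        if got is None:
            findings.append(f"{key} missing (bootloader did not report it)")
        elif got != want:
            findings.append(f"{key}={got!r}, expected {want!r}")
    return {"trusted": not findings, "findings": findings}


# Constructed sample dumps (not captured from a real device).
LOCKED_DEVICE = """\
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[ro.build.type]: [user]
"""

UNLOCKED_DEVICE = """\
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [enforcing]
[ro.build.type]: [userdebug]
"""

if __name__ == "__main__":
    for name, dump in (("locked", LOCKED_DEVICE), ("unlocked", UNLOCKED_DEVICE)):
        result = assess_boot_state(dump)
        print(name, "->", "OK" if result["trusted"] else "UNTRUSTED")
        for finding in result["findings"]:
            print("  -", finding)
```

Two caveats a practitioner should keep in mind. First, a `yellow` state (bootloader locked, but booting an image signed by a user-installed key) also fails this check, deliberately, since that is exactly the custom-firmware case. Second, `getprop` is answered by the running OS, and a backdoored ROM can lie; treat a passing result as necessary rather than sufficient. The bootloader's own report (`fastboot getvar unlocked` from fastboot mode) is harder to fake, and the verified-boot fields in an Android Key Attestation certificate, checked by a remote party, are the strongest evidence available without opening the device.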
In light of these findings, we thought it essential to examine the use of Trusted Execution Environments (TEEs) in mobile devices. TEEs, intended to provide a secure area within a device's main processor, play a pivotal role in safeguarding sensitive data, such as private keys, from software attacks. However, our recent findings highlight that the effectiveness of TEEs is heavily dependent on their implementation.
We tested a device equipped with a dedicated TEE-based wallet, which featured a "secure mode" during wallet setup. In this mode, users set a PIN code, which is intended to act as a safeguard for the TEE wallet. This setup theoretically ensures that, even with physical access and the phone passcode, the TEE wallet remains inaccessible without the PIN.
However, our investigation revealed a critical vulnerability within the TEE itself: an attacker could extract the PIN stored in the TEE, then use it to open the wallet and retrieve the private key exactly as the owner would. The PIN, the one factor meant to hold even after the phone passcode is known, therefore added no protection at all. This is alarming because a TEE is often treated as the last line of defense, yet here it was only as strong as the code running inside it.
This underscores a crucial point: the security of a hardware-backed secure vault depends on how it is implemented. A properly implemented TEE shields keys from OS-level attacks, but a flawed implementation can still be exploited by a privileged attacker.
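To make the implementation point concrete, here is an added illustration (our own example, not the vendor's wallet code and not the fix that was shipped, which the post does not describe) of the difference between a trusted application that stores the PIN itself and one that stores only a keyed verifier. `device_key` is a stand-in for a key that never leaves the secure hardware; the PINs and keys are constructed test values.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class PlaintextPinVault:
    """Weak pattern: the PIN itself is the stored secret.

    Anyone who can read the secure-world storage gets the PIN and can unlock
    the wallet as the owner, which is the failure mode described above.
    """

    def __init__(self, pin: str):
        self.stored_pin = pin  # recoverable by anyone who dumps storage

    def verify(self, pin: str) -> bool:
        return pin == self.stored_pin


class HardenedPinVault:
    """Hardened pattern: store a keyed verifier, never the PIN.

    device_key stands in for a key only the secure hardware can use (a real
    trusted application would hold a key handle, not the key bytes). A 6-digit
    PIN has only 10^6 values, so what defeats guessing is the hardware-bound
    key plus an attempt counter; an unkeyed hash alone would fall instantly.
    """

    MAX_ATTEMPTS = 5

    def __init__(self, pin: str, device_key: bytes):
        self._device_key = device_key
        self.salt = secrets.token_bytes(16)
        self.verifier = self._derive(pin, self.salt)
        self.attempts = 0
        self.locked_out = False

    def _derive(self, pin: str, salt: bytes) -> bytes:
        return hmac.new(self._device_key, salt + pin.encode(), hashlib.sha256).digest()

    def verify(self, pin: str) -> bool:
        if self.locked_out:
            return False
        ok = hmac.compare_digest(self._derive(pin, self.salt), self.verifier)
        if ok:
            self.attempts = 0
        else:
            self.attempts += 1
            if self.attempts >= self.MAX_ATTEMPTS:
                self.locked_out = True  # further attempts need a reset path
        return ok

    def dump_storage(self) -> dict:
        """What an attacker who reads secure storage (but cannot use the key) sees."""
        return {"salt": self.salt.hex(), "verifier": self.verifier.hex()}


def offline_bruteforce(dump: dict, attacker_key: Optional[bytes]) -> Optional[str]:
    """Try every 6-digit PIN against a dumped verifier.

    Succeeds only if the attacker also holds the device key, which is why that
    key must be non-exportable: with it, 10^6 guesses take seconds.
    """
    if attacker_key is None:
        return None  # no key, no way to compute candidate verifiers
    salt = bytes.fromhex(dump["salt"])
    target = bytes.fromhex(dump["verifier"])
    for n in range(1_000_000):
        pin = f"{n:06d}"
        guess = hmac.new(attacker_key, salt + pin.encode(), hashlib.sha256).digest()
        if hmac.compare_digest(guess, target):
            return pin
    return None


if __name__ == "__main__":
    weak = PlaintextPinVault("482913")
    print("plaintext vault leaks:", weak.stored_pin)

    vault = HardenedPinVault("482913", device_key=secrets.token_bytes(32))
    dump = vault.dump_storage()
    print("hardened vault storage:", dump)
    print("offline guess without device key:", offline_bruteforce(dump, None))
    for guess in ("000000", "111111", "222222", "333333", "444444", "482913"):
        print(f"try {guess}: {vault.verify(guess)} (locked_out={vault.locked_out})")
```

The run at the bottom shows the two properties that matter: the dumped storage of the hardened vault contains nothing an attacker can use without the device key, and after five wrong guesses even the correct PIN is refused. Neither property holds for the plaintext design, and neither holds for a keyed design whose key can be read out along with the storage, which is the kind of implementation flaw a review should look for.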
It is essential for TEE-based secure vault implementations to undergo thorough reviews by professional security experts. These reviews are critical in ensuring that the TEEs function as intended, providing the robust security necessary for the safekeeping of private keys in Web3 wallets.
Following responsible disclosure, we reported both issues to the device vendors; the TEE vulnerability has since been fixed to our satisfaction. To mitigate such risks, manufacturers must enforce strong security measures not only in boot firmware such as the bootloader but also in the trusted applications running inside the TEE.
Users must remain vigilant about their device's physical security and choose wallets and apps with advanced security features. Developers should prioritize robust security measures at all levels of their products, especially when dealing with blockchain and Web3 technologies that have the potential to store large amounts of value.
This case study underscores the need for a holistic approach to security in the blockchain domain. As blockchain technologies continue to evolve and integrate with everyday devices, the security of all components—software, hardware, and user interfaces—becomes critical for the safe adoption and growth of Web3 technologies.
In conclusion, the discovery of risks in both the bootloader and TEEs of blockchain-integrated mobile devices serves as a stark reminder of the complex and multifaceted nature of security challenges in Web3. It's imperative for all stakeholders in the Web3 ecosystem to collaborate and address these challenges proactively to ensure a secure and resilient future for the industry.
This blog post is a part of CertiK's ongoing commitment to raising security awareness and providing insights into the evolving landscape of blockchain technology security.