Threat Category: Mobile Operating System
ID: STA-43
Threat Description: All operating systems aim to isolate normally executed processes from one another (excluding debuggers or similar environments that were specifically designed otherwise), thereby preventing one user-level process from accessing the memory allocated to another process in any way. Vulnerabilities in the design or implementation of the mobile OS, the kernel, or the underlying computational hardware (e.g. CPU) may allow a malicious process to access memory locations allocated to another process. As a result, the attacker may be able to extract secrets (e.g. cryptographic keys, sensitive documents) from other processes, potentially including OS services or the kernel itself.
Threat Origin
Project Zero: Reading privileged memory with a side-channel [1]
Exploit Examples
CVE Examples
Possible Countermeasures
To reduce the opportunity for an attacker to compromise the confidentiality of secrets in process memory, the memory location allocated to any secrets, such as cryptographic keys, should be explicitly overwritten as soon as its contents are no longer in use.
To reduce the opportunity for an attacker to compromise the confidentiality of secrets in process memory, secrets (e.g. cryptographic keys) should not be read into memory until they are needed as input to computations.
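The two countermeasures above, combined in one routine, as an added example that is not part of the original catalogue entry: the key is read into memory only at the point of use and overwritten on every exit path. `load_key`, `keyed_sum` and `tag_message` are hypothetical names, the key bytes are constructed sample data, and `keyed_sum` is a placeholder for the real computation, not cryptography.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32

/* Overwrite through a volatile pointer so the compiler cannot drop the
 * stores as dead code, which it may do with a plain memset() on a buffer
 * that is never read again. Where available, explicit_bzero() or C11
 * memset_s() serve the same purpose. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical key source standing in for a keystore or secure-element
 * read. The bytes are constructed sample data. */
static int load_key(uint8_t key[KEY_LEN])
{
    for (size_t i = 0; i < KEY_LEN; i++)
        key[i] = (uint8_t)(0xA0 + i);
    return 0;
}

/* Placeholder for the real keyed computation (e.g. a MAC). */
static uint32_t keyed_sum(const uint8_t *key, const uint8_t *msg, size_t n)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc = acc * 31u + (uint32_t)(msg[i] ^ key[i % KEY_LEN]);
    return acc;
}

/* The key is read into `scratch` only when it is needed and wiped before
 * returning, whether or not the load succeeded, so it stays resident for
 * the duration of one computation only. */
int tag_message(const uint8_t *msg, size_t n,
                uint8_t scratch[KEY_LEN], uint32_t *tag)
{
    int rc = load_key(scratch);
    if (rc == 0)
        *tag = keyed_sum(scratch, msg, n);
    secure_wipe(scratch, KEY_LEN);
    return rc;
}
```

Wiping shortens the window in which the key is resident; it does not protect the key while the computation is running, and copies left in registers or in buffers owned by other libraries are outside its reach.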
Enterprise: To reduce the opportunity for an attacker to leverage any underlying vulnerability in the mobile OS or computing hardware, apply OS security updates in a timely fashion.
Mobile Device User: To reduce the opportunity for an attacker to leverage any underlying vulnerability in the mobile OS or computing hardware, apply OS security updates in a timely fashion.
References
[1] J. Horn, “Reading privileged memory with a side-channel”, Project Zero blog, Google, Jan. 3, 2018; https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html [accessed 1/10/2018]
[2] P. Kocher et al., Spectre Attacks: Exploiting Speculative Execution, white paper, 2017; https://spectreattack.com/spectre.pdf [accessed 02/02/2018]
[3] M. Lipp et al., Meltdown, white paper, 2017; https://meltdownattack.com/meltdown.pdf [accessed 02/02/2018]