By Waqas
Samsung says the data breach took place in July 2022 however it was only discovered on August 4th, 2022.
This is a post from HackRead.com Read the original post: Samsung Data Breach Exposed Private Data of US Customers

**Samsung** has announced that it suffered a data breach in July 2022 involving the personal data of US customers. The incident happened in late July this year and was discovered on August 4th, 2022.

According to the South Korean technology giant, the incident resulted in the breach of private user data such as names, dates of birth, product registration data, demographic information, and contact numbers.

Samsun sent out an email alert to its users after a hacker managed to breach the security of the tech giant’s US systems and stole customers’ data.

The company assured that the breach didn’t impact its customers’ credit card numbers and social security data, which was also stored in the system. The company has yet to disclose the number of affected customers but has notified them through an email sent on Friday.

> “On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected.”
> 
> Samsung

Samsung noted that the breached data may vary according to relevant customers and that none of the consumer devices were hacked by this breach. It also stated that its business operations or customers stayed unaffected.

Nevertheless, the company claims to have implemented necessary measures to prevent similar incidents and offers uninterrupted services to its customers. Samsung has also hired a private cybersecurity and law enforcement agency to investigate the latest incident.

Those impacted in this breach are advised to remain cautious of phishing scams, track their credit profiles, and check Samsung’s privacy policy and **FAQs section**.

**Second Data Breach in 2022**

It is currently unclear who perpetrated this attack. But, it is certainly not the first time the tech vendor has suffered a data breach. In fact, Samsung has been a victim of several data breaches in the recent past. In March 2022, **the company confirmed** suffering a data breach after the Lapsus$ hackers leaked 189 GB worth of sensitive data online.

1.  **Hackers used Samsung website to access Sprint’s customer data**
2.  **Killnet Claim They’ve Stolen Employee Data from Lockheed Martin**
3.  **Flawed Encryption Feature Affected 100M Samsung Galaxy Phones**
4.  **Samsung asks users to scan their Smart TVs for malware – Here’s how to**
5.  **Hackers Compromise Employee Accounts to Access Twilio Internal Systems**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Samsung Data Breach Exposed Private Data of US Customers

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.

/\*\* \* @file arch/arm/m2351/src/numaker\_pfm\_m2351/secure/main.c \* @brief Provides functionality to start secure world, initialize secure \* and normal worlds, pass to execution to normal world. \* \* @copyright Copyright (c) 2019 Samsung Electronics Co., Ltd. All Rights Reserved. \* @author Taras Drozdovskyi t.drozdovsky@samsung.com \* \* Licensed under the Apache License, Version 2.0 (the "License"); \* you may not use this file except in compliance with the License. \* You may obtain a copy of the License at \* \* http://www.apache.org/licenses/LICENSE-2.0 \* \* Unless required by applicable law or agreed to in writing, software \* distributed under the License is distributed on an "AS IS" BASIS, \* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. \* See the License for the specific language governing permissions and \* limitations under the License. \*/ /\* Included Files. \*/ #include <stdio.h\> #include <stdint.h\> #include <stdlib.h\> #include <string.h\> #include <openssl/sha.h\> //#include "config.h" //#include "version.h" #include <openssl/ec.h\> // for EC\_GROUP\_new\_by\_curve\_name, EC\_GROUP\_free, EC\_KEY\_new, EC\_KEY\_set\_group, EC\_KEY\_generate\_key, EC\_KEY\_free #include <openssl/ecdsa.h\> // for ECDSA\_do\_sign, ECDSA\_do\_verify #include <openssl/obj\_mac.h\> // for NID\_secp192k1 #include <stdlib.h\> #include <string.h\> #include <openssl/conf.h\> #include <openssl/evp.h\> #include <openssl/rand.h\> #include <openssl/err.h\> /\* Pre-processor Definitions. \*/ #define AES\_BLOCK\_SIZE 16 #define AES\_KEY\_SIZE 32 /\*\* Start address for non-secure boot image \*/ /\* Private Types. \*/ /\* Any types, enums, structures or unions used by the file are defined here. \*/ /\* typedef for NonSecure callback functions \*/ /\*\* \* @details ECC ECDSA key structure \*/ typedef struct { uint8\_t Qx\[32\]; /\* 256-bits \*/ uint8\_t Qy\[32\]; /\* 256-bits \*/ uint8\_t d\[32\]; /\* 256-bits \*/ }\_\_attribute\_\_((packed)) ECC\_KEY\_T; typedef struct \_AES\_DATA { unsigned char key\[AES\_KEY\_SIZE\]; unsigned char iv\[AES\_BLOCK\_SIZE\]; } AES\_DATA; typedef struct Message\_Struct { unsigned char \*body; int \*length; AES\_DATA \*aes\_settings; } Message; /\* Private Function Prototypes. \*/ /\* Prototypes of all static functions in the file are provided here. \*/ /\* Private Data. \*/ /\* All static data definitions appear here. \*/ uint32\_t key\[\] = { 0x78563412, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xefcdac00 }; uint32\_t iv\[\] = { 0x78563412, 0x00000000, 0x00000000, 0xefcdac00 }; /\* Public Data. \*/ /\* All data definitions with global scope appear here. \*/ /\* Public Function Prototypes \*/ Message \*message\_init(int); int aes256\_init(Message \*); Message \*aes256\_encrypt(Message \*); void aes\_cleanup(AES\_DATA \*); void message\_cleanup(Message \*); void sha256(unsigned char \*data, unsigned int data\_len, unsigned char \*hash) { SHA256\_CTX sha256; SHA256\_Init(&sha256); SHA256\_Update(&sha256, data, data\_len); SHA256\_Final(hash, &sha256); } Message \*message\_init(int length) { Message \*ret = malloc(sizeof(Message)); ret->body = malloc(length); ret->length = malloc(sizeof(int)); \*ret->length = length; //initialize aes\_data aes256\_init(ret); return ret; } int aes256\_init(Message \* input) { AES\_DATA \*aes\_info = malloc(sizeof(AES\_DATA)); //point to new data input->aes\_settings = aes\_info; //get rand bytes memcpy(input->aes\_settings\->key, key, AES\_KEY\_SIZE); memcpy(input->aes\_settings\->iv, iv, AES\_KEY\_SIZE / 2); return 0; } Message \*aes256\_encrypt(Message \* plaintext) { EVP\_CIPHER\_CTX \*enc\_ctx; Message \* encrypted\_message; int enc\_length = \*(plaintext->length) + (AES\_BLOCK\_SIZE - \*(plaintext->length) % AES\_BLOCK\_SIZE); encrypted\_message = message\_init(enc\_length); //set up encryption context enc\_ctx = EVP\_CIPHER\_CTX\_new(); EVP\_EncryptInit(enc\_ctx, EVP\_aes\_256\_cfb(), plaintext->aes\_settings\->key, plaintext->aes\_settings\->iv); //encrypt all the bytes up to but not including the last block if (!EVP\_EncryptUpdate(enc\_ctx, encrypted\_message->body, &enc\_length, plaintext->body, \*plaintext->length)) { EVP\_CIPHER\_CTX\_cleanup(enc\_ctx); printf("EVP Error: couldn't update encryption with plain text!\\n"); return NULL; } //update length with the amount of bytes written \*(encrypted\_message->length) = enc\_length; //EncryptFinal will cipher the last block + Padding if (!EVP\_EncryptFinal\_ex(enc\_ctx, enc\_length + encrypted\_message->body, &enc\_length)) { EVP\_CIPHER\_CTX\_cleanup(enc\_ctx); printf("EVP Error: couldn't finalize encryption!\\n"); return NULL; } //add padding to length \*(encrypted\_message->length) += enc\_length; //no errors, copy over key & iv rather than pointing to the plaintext msg memcpy(encrypted\_message->aes\_settings\->key, plaintext->aes\_settings\->key, AES\_KEY\_SIZE); memcpy(encrypted\_message->aes\_settings\->iv, plaintext->aes\_settings\->iv, AES\_KEY\_SIZE / 2); //Free context and return encrypted message EVP\_CIPHER\_CTX\_cleanup(enc\_ctx); return encrypted\_message; } void aes\_cleanup(AES\_DATA \*aes\_data) { // free(aes\_data -> iv); // free(aes\_data -> key); // free(aes\_data); } void message\_cleanup(Message \*message) { //free message struct aes\_cleanup(message->aes\_settings); free(message->length); free(message->body); free(message); } /\*\* \* @brief main - entry point of mTower: secure world. \* \* @param None \* \* @returns None (function is not supposed to return) \*/ int main(int argc, char \* argv\[\]) { // Initialize openSSL // ERR\_load\_crypto\_strings(); // OpenSSL\_add\_all\_algorithms(); // OPENSSL\_config(NULL); EC\_KEY \*eckey = EC\_KEY\_new(); if (NULL == eckey) { printf("Failed to create new EC Key\\n"); return -1; } EC\_GROUP \*ecgroup = EC\_GROUP\_new\_by\_curve\_name(NID\_X9\_62\_prime256v1); if (NULL == ecgroup) { printf("Failed to create new EC Group\\n"); return -1; } if (EC\_KEY\_set\_group(eckey, ecgroup) != 1 ) { printf("Failed to set group for EC Key\\n"); return -1; } if (EC\_KEY\_generate\_key(eckey) != 1) { printf("Failed to generate EC Key\\n"); return -1; } const BIGNUM\* d = EC\_KEY\_get0\_private\_key(eckey); const EC\_POINT\* Q = EC\_KEY\_get0\_public\_key(eckey); const EC\_GROUP\* group = EC\_KEY\_get0\_group(eckey); BIGNUM\* x = BN\_new(); BIGNUM\* y = BN\_new(); if (!EC\_POINT\_get\_affine\_coordinates\_GFp(group, Q, x, y, NULL)) { return -1; } // printf("d: %s\\n", BN\_bn2hex(d)); // printf("X: %s\\n", BN\_bn2hex(x)); // printf("Y: %s\\n", BN\_bn2hex(y)); ECC\_KEY\_T ecc\_ecdsa\_key; BN\_bn2bin(d, &ecc\_ecdsa\_key.d\[0\]); BN\_bn2bin(x, ecc\_ecdsa\_key.Qx); BN\_bn2bin(y, ecc\_ecdsa\_key.Qy); // for (int i = 0; i != 32; i++) // printf(" %02X",ecc\_ecdsa\_key.d\[i\]); // printf("\\n"); char\* buff; buff = malloc(strlen(argv\[1\]) + strlen("ecdsa\_keys.bin") + 1); buff\[0\] = 0; strcat(buff, argv\[1\]); strcat(buff, "ecdsa\_keys.bin"); FILE\* fd = fopen(buff, "wb"); if (!fd) { printf("Failed to open file\\n"); free(buff); return -1; } free(buff); if (fwrite((void \*) &ecc\_ecdsa\_key, sizeof(char), (size\_t) (sizeof(ECC\_KEY\_T)), fd) != (size\_t) (sizeof(ECC\_KEY\_T))) { fclose(fd); return -1; } fclose(fd); Message \*message, \*enc\_msg; message = message\_init(64); memcpy((char \*) message->body, (unsigned char \*) ecc\_ecdsa\_key.Qx, 64); enc\_msg = aes256\_encrypt(message); //clean up ssl; // EVP\_cleanup(); // CRYPTO\_cleanup\_all\_ex\_data(); //Stop data leaks // ERR\_free\_strings(); buff = malloc(strlen(argv\[1\]) + strlen("NuBL32PubKeyEncrypted.bin") + 1); buff\[0\] = 0; strcat(buff, argv\[1\]); strcat(buff, "NuBL32PubKeyEncrypted.bin"); fd = fopen(buff, "wb"); if (!fd) { printf("Failed to open file\\n"); free(buff); return -1; } free(buff); if (fwrite((void \*) enc\_msg->body, sizeof(char), 64, fd) != 64) { fclose(fd); return -1; } fclose(fd); // free(buff); // message\_cleanup(message); // message\_cleanup(enc\_msg); buff = malloc(strlen(argv\[1\]) + strlen("NuBL32PubKeyEncryptedHash.bin") + 1); buff\[0\] = 0; strcat(buff, argv\[1\]); strcat(buff, "NuBL32PubKeyEncryptedHash.bin"); fd = fopen(buff, "wb"); if (!fd) { printf("Failed to open file\\n"); free(buff); return -1; } free(buff); unsigned char PubKeyEncryptedHash\[64\]; sha256((void \*) enc\_msg->body, 64, (unsigned char \*) PubKeyEncryptedHash); if (fwrite((void \*) PubKeyEncryptedHash, sizeof(char), 32, fd) != 32) { fclose(fd); return -1; } fclose(fd); message = message\_init(64); memcpy((char \*) message->body, (unsigned char \*) ecc\_ecdsa\_key.Qx, 64); enc\_msg = aes256\_encrypt(message); //clean up ssl; // EVP\_cleanup(); // CRYPTO\_cleanup\_all\_ex\_data(); //Stop data leaks // ERR\_free\_strings(); buff = malloc(strlen(argv\[1\]) + strlen("NuBL33PubKeyEncrypted.bin") + 1); buff\[0\] = 0; strcat(buff, argv\[1\]); strcat(buff, "NuBL33PubKeyEncrypted.bin"); fd = fopen(buff, "wb"); if (!fd) { printf("Failed to open file\\n"); free(buff); return -1; } free(buff); if (fwrite((void \*) enc\_msg->body, sizeof(char), 64, fd) != 64) { fclose(fd); return -1; } fclose(fd); // free(buff); // message\_cleanup(message); // message\_cleanup(enc\_msg); buff = malloc(strlen(argv\[1\]) + strlen("NuBL33PubKeyEncryptedHash.bin") + 1); buff\[0\] = 0; strcat(buff, argv\[1\]); strcat(buff, "NuBL33PubKeyEncryptedHash.bin"); fd = fopen(buff, "wb"); if (!fd) { printf("Failed to open file\\n"); free(buff); return -1; } free(buff); // unsigned char PubKeyEncryptedHash\[64\]; sha256((void \*) enc\_msg->body, 64, (unsigned char \*) PubKeyEncryptedHash); if (fwrite((void \*) PubKeyEncryptedHash, sizeof(char), 32, fd) != 32) { fclose(fd); return -1; } fclose(fd); exit: BN\_free(x); BN\_free(y); EC\_GROUP\_free(ecgroup); EC\_KEY\_free(eckey); // clean up ssl; // EVP\_cleanup(); // CRYPTO\_cleanup\_all\_ex\_data(); //Stop data leaks // ERR\_free\_strings(); return 0; }

CVE-2022-39829: mTower/ecdsa_keygen.c at 18f4b592a8a973ce5972f4e2658ea0f6e3686284 · Samsung/mTower

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.

**NAME**

EVP\_EC\_gen, EC\_KEY\_get\_method, EC\_KEY\_set\_method, EC\_KEY\_new\_ex, EC\_KEY\_new, EC\_KEY\_get\_flags, EC\_KEY\_set\_flags, EC\_KEY\_clear\_flags, EC\_KEY\_new\_by\_curve\_name\_ex, EC\_KEY\_new\_by\_curve\_name, EC\_KEY\_free, EC\_KEY\_copy, EC\_KEY\_dup, EC\_KEY\_up\_ref, EC\_KEY\_get0\_engine, EC\_KEY\_get0\_group, EC\_KEY\_set\_group, EC\_KEY\_get0\_private\_key, EC\_KEY\_set\_private\_key, EC\_KEY\_get0\_public\_key, EC\_KEY\_set\_public\_key, EC\_KEY\_get\_conv\_form, EC\_KEY\_set\_conv\_form, EC\_KEY\_set\_asn1\_flag, EC\_KEY\_decoded\_from\_explicit\_params, EC\_KEY\_precompute\_mult, EC\_KEY\_generate\_key, EC\_KEY\_check\_key, EC\_KEY\_set\_public\_key\_affine\_coordinates, EC\_KEY\_oct2key, EC\_KEY\_key2buf, EC\_KEY\_oct2priv, EC\_KEY\_priv2oct, EC\_KEY\_priv2buf - Functions for creating, destroying and manipulating EC\_KEY objects

**SYNOPSIS**

    #include <openssl/ec.h>
    
    EVP_PKEY *EVP_EC_gen(const char *curve);

The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining **OPENSSL\_API\_COMPAT** with a suitable version value, see openssl\_user\_macros(7):

    EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
    EC_KEY *EC_KEY_new(void);
    int EC_KEY_get_flags(const EC_KEY *key);
    void EC_KEY_set_flags(EC_KEY *key, int flags);
    void EC_KEY_clear_flags(EC_KEY *key, int flags);
    EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq,
                                        int nid);
    EC_KEY *EC_KEY_new_by_curve_name(int nid);
    void EC_KEY_free(EC_KEY *key);
    EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
    EC_KEY *EC_KEY_dup(const EC_KEY *src);
    int EC_KEY_up_ref(EC_KEY *key);
    ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
    const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
    int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
    const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
    int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key);
    const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
    int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
    point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
    void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
    void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
    int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
    int EC_KEY_generate_key(EC_KEY *key);
    int EC_KEY_check_key(const EC_KEY *key);
    int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
    const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
    int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
    
    int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx);
    size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
                          unsigned char **pbuf, BN_CTX *ctx);
    
    int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
    size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
    
    size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
    int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);

**DESCRIPTION**

EVP\_EC\_gen() generates a new EC key pair on the given _curve_.

All of the functions described below are deprecated. Applications should instead use EVP\_EC\_gen(), EVP\_PKEY\_Q\_keygen(3), or EVP\_PKEY\_keygen\_init(3) and EVP\_PKEY\_keygen(3).

An EC\_KEY represents a public key and, optionally, the associated private key. A new EC\_KEY with no associated curve can be constructed by calling EC\_KEY\_new\_ex() and specifying the associated library context in _ctx_ (see OSSL\_LIB\_CTX(3)) and property query string _propq_. The _ctx_ parameter may be NULL in which case the default library context is used. The reference count for the newly created EC\_KEY is initially set to 1. A curve can be associated with the EC\_KEY by calling EC\_KEY\_set\_group().

EC\_KEY\_new() is the same as EC\_KEY\_new\_ex() except that the default library context is always used.

Alternatively a new EC\_KEY can be constructed by calling EC\_KEY\_new\_by\_curve\_name\_ex() and supplying the nid of the associated curve, the library context to be used _ctx_ (see OSSL\_LIB\_CTX(3)) and any property query string _propq_. The _ctx_ parameter may be NULL in which case the default library context is used. The _propq_ value may also be NULL. See EC\_GROUP\_new(3) for a description of curve names. This function simply wraps calls to EC\_KEY\_new\_ex() and EC\_GROUP\_new\_by\_curve\_name\_ex().

EC\_KEY\_new\_by\_curve\_name() is the same as EC\_KEY\_new\_by\_curve\_name\_ex() except that the default library context is always used and a NULL property query string.

Calling EC\_KEY\_free() decrements the reference count for the EC\_KEY object, and if it has dropped to zero then frees the memory associated with it. If _key_ is NULL nothing is done.

EC\_KEY\_copy() copies the contents of the EC\_KEY in _src_ into _dest_.

EC\_KEY\_dup() creates a new EC\_KEY object and copies _ec\_key_ into it.

EC\_KEY\_up\_ref() increments the reference count associated with the EC\_KEY object.

EC\_KEY\_get0\_engine() returns a handle to the ENGINE that has been set for this EC\_KEY object.

EC\_KEY\_generate\_key() generates a new public and private key for the supplied _eckey_ object. _eckey_ must have an EC\_GROUP object associated with it before calling this function. The private key is a random integer (0 < priv\_key < order, where _order_ is the order of the EC\_GROUP object). The public key is an EC\_POINT on the curve calculated by multiplying the generator for the curve by the private key.

EC\_KEY\_check\_key() performs various sanity checks on the EC\_KEY object to confirm that it is valid.

EC\_KEY\_set\_public\_key\_affine\_coordinates() sets the public key for _key_ based on its affine co-ordinates; i.e., it constructs an EC\_POINT object based on the supplied _x_ and _y_ values and sets the public key to be this EC\_POINT. It also performs certain sanity checks on the key to confirm that it is valid.

The functions EC\_KEY\_get0\_group(), EC\_KEY\_set\_group(), EC\_KEY\_get0\_private\_key(), EC\_KEY\_set\_private\_key(), EC\_KEY\_get0\_public\_key(), and EC\_KEY\_set\_public\_key() get and set the EC\_GROUP object, the private key, and the EC\_POINT public key for the **key** respectively. The function EC\_KEY\_set\_private\_key() accepts NULL as the priv\_key argument to securely clear the private key component from the EC\_KEY.

The functions EC\_KEY\_get\_conv\_form() and EC\_KEY\_set\_conv\_form() get and set the point\_conversion\_form for the _key_. For a description of point\_conversion\_forms please see EC\_POINT\_new(3).

EC\_KEY\_set\_flags() sets the flags in the _flags_ parameter on the EC\_KEY object. Any flags that are already set are left set. The flags currently defined are EC\_FLAG\_NON\_FIPS\_ALLOW and EC\_FLAG\_FIPS\_CHECKED. In addition there is the flag EC\_FLAG\_COFACTOR\_ECDH which is specific to ECDH. EC\_KEY\_get\_flags() returns the current flags that are set for this EC\_KEY. EC\_KEY\_clear\_flags() clears the flags indicated by the _flags_ parameter; all other flags are left in their existing state.

EC\_KEY\_set\_asn1\_flag() sets the asn1\_flag on the underlying EC\_GROUP object (if set). Refer to EC\_GROUP\_copy(3) for further information on the asn1\_flag.

EC\_KEY\_decoded\_from\_explicit\_params() returns 1 if the group of the _key_ was decoded from data with explicitly encoded group parameters, -1 if the _key_ is NULL or the group parameters are missing, and 0 otherwise.

EC\_KEY\_precompute\_mult() stores multiples of the underlying EC\_GROUP generator for faster point multiplication. See also EC\_POINT\_add(3). Modern versions should instead switch to named curves which OpenSSL has hardcoded lookup tables for.

EC\_KEY\_oct2key() and EC\_KEY\_key2buf() are identical to the functions EC\_POINT\_oct2point() and EC\_POINT\_point2buf() except they use the public key EC\_POINT in _eckey_.

EC\_KEY\_oct2priv() and EC\_KEY\_priv2oct() convert between the private key component of _eckey_ and octet form. The octet form consists of the content octets of the _privateKey_ OCTET STRING in an _ECPrivateKey_ ASN.1 structure.

The function EC\_KEY\_priv2oct() must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. Calling the function with a NULL buffer will not perform the conversion but will just return the required buffer length.

The function EC\_KEY\_priv2buf() allocates a buffer of suitable length and writes an EC\_KEY to it in octet format. The allocated buffer is written to _\*pbuf_ and its length is returned. The caller must free up the allocated buffer with a call to OPENSSL\_free(). Since the allocated buffer value is written to _\*pbuf_ the _pbuf_ parameter **MUST NOT** be **NULL**.

EC\_KEY\_priv2buf() converts an EC\_KEY private key into an allocated buffer.

**RETURN VALUES**

EC\_KEY\_new\_ex(), EC\_KEY\_new(), EC\_KEY\_new\_by\_curve\_name\_ex(), EC\_KEY\_new\_by\_curve\_name() and EC\_KEY\_dup() return a pointer to the newly created EC\_KEY object, or NULL on error.

EC\_KEY\_get\_flags() returns the flags associated with the EC\_KEY object as an integer.

EC\_KEY\_copy() returns a pointer to the destination key, or NULL on error.

EC\_KEY\_get0\_engine() returns a pointer to an ENGINE, or NULL if it wasn't set.

EC\_KEY\_up\_ref(), EC\_KEY\_set\_group(), EC\_KEY\_set\_public\_key(), EC\_KEY\_precompute\_mult(), EC\_KEY\_generate\_key(), EC\_KEY\_check\_key(), EC\_KEY\_set\_public\_key\_affine\_coordinates(), EC\_KEY\_oct2key() and EC\_KEY\_oct2priv() return 1 on success or 0 on error.

EC\_KEY\_set\_private\_key() returns 1 on success or 0 on error except when the priv\_key argument is NULL, in that case it returns 0, for legacy compatibility, and should not be treated as an error.

EC\_KEY\_get0\_group() returns the EC\_GROUP associated with the EC\_KEY.

EC\_KEY\_get0\_private\_key() returns the private key associated with the EC\_KEY.

EC\_KEY\_get\_conv\_form() return the point\_conversion\_form for the EC\_KEY.

EC\_KEY\_key2buf(), EC\_KEY\_priv2oct() and EC\_KEY\_priv2buf() return the length of the buffer or 0 on error.

**SEE ALSO**

EVP\_PKEY\_Q\_keygen(3) crypto(7), EC\_GROUP\_new(3), EC\_GROUP\_copy(3), EC\_POINT\_new(3), EC\_POINT\_add(3), EC\_GFp\_simple\_method(3), d2i\_ECPKParameters(3), OSSL\_LIB\_CTX(3)

**HISTORY**

EVP\_EC\_gen() was added in OpenSSL 3.0. All other functions described here were deprecated in OpenSSL 3.0. For replacement see EVP\_PKEY-EC(7).

**COPYRIGHT**

Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

CVE-2022-39828: /docs/manmaster/man3/EC_KEY_set_private_key.html

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.

/\*\* \* @file tools/fwinfogen.c \* @brief . \* \* @copyright Copyright (c) 2019 Samsung Electronics Co., Ltd. All Rights Reserved. \* @author Taras Drozdovskyi t.drozdovsky@samsung.com \* \* Licensed under the Apache License, Version 2.0 (the "License"); \* you may not use this file except in compliance with the License. \* You may obtain a copy of the License at \* \* http://www.apache.org/licenses/LICENSE-2.0 \* \* Unless required by applicable law or agreed to in writing, software \* distributed under the License is distributed on an "AS IS" BASIS, \* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. \* See the License for the specific language governing permissions and \* limitations under the License. \*/ /\* Included Files. \*/ #include <stdio.h\> #include <stdint.h\> #include <stdlib.h\> #include <string.h\> #include <openssl/sha.h\> #include <openssl/ec.h\> // for EC\_GROUP\_new\_by\_curve\_name, EC\_GROUP\_free, EC\_KEY\_new, EC\_KEY\_set\_group, EC\_KEY\_generate\_key, EC\_KEY\_free #include <openssl/ecdsa.h\> // for ECDSA\_do\_sign, ECDSA\_do\_verify #include <openssl/obj\_mac.h\> // for NID\_secp192k1 #include "config.h" //#include "version.h" /\* Pre-processor Definitions. \*/ #define BUILD\_MONTH\_IS\_JAN (\_\_DATE\_\_\[0\] == 'J' && \_\_DATE\_\_\[1\] == 'a' && \_\_DATE\_\_\[2\] == 'n') #define BUILD\_MONTH\_IS\_FEB (\_\_DATE\_\_\[0\] == 'F') #define BUILD\_MONTH\_IS\_MAR (\_\_DATE\_\_\[0\] == 'M' && \_\_DATE\_\_\[1\] == 'a' && \_\_DATE\_\_\[2\] == 'r') #define BUILD\_MONTH\_IS\_APR (\_\_DATE\_\_\[0\] == 'A' && \_\_DATE\_\_\[1\] == 'p') #define BUILD\_MONTH\_IS\_MAY (\_\_DATE\_\_\[0\] == 'M' && \_\_DATE\_\_\[1\] == 'a' && \_\_DATE\_\_\[2\] == 'y') #define BUILD\_MONTH\_IS\_JUN (\_\_DATE\_\_\[0\] == 'J' && \_\_DATE\_\_\[1\] == 'u' && \_\_DATE\_\_\[2\] == 'n') #define BUILD\_MONTH\_IS\_JUL (\_\_DATE\_\_\[0\] == 'J' && \_\_DATE\_\_\[1\] == 'u' && \_\_DATE\_\_\[2\] == 'l') #define BUILD\_MONTH\_IS\_AUG (\_\_DATE\_\_\[0\] == 'A' && \_\_DATE\_\_\[1\] == 'u') #define BUILD\_MONTH\_IS\_SEP (\_\_DATE\_\_\[0\] == 'S') #define BUILD\_MONTH\_IS\_OCT (\_\_DATE\_\_\[0\] == 'O') #define BUILD\_MONTH\_IS\_NOV (\_\_DATE\_\_\[0\] == 'N') #define BUILD\_MONTH\_IS\_DEC (\_\_DATE\_\_\[0\] == 'D') #define BUILD\_MONTH \\ ( \\ (BUILD\_MONTH\_IS\_JAN) ? 1 : \\ (BUILD\_MONTH\_IS\_FEB) ? 2 : \\ (BUILD\_MONTH\_IS\_MAR) ? 3 : \\ (BUILD\_MONTH\_IS\_APR) ? 4 : \\ (BUILD\_MONTH\_IS\_MAY) ? 5 : \\ (BUILD\_MONTH\_IS\_JUN) ? 6 : \\ (BUILD\_MONTH\_IS\_JUL) ? 7 : \\ (BUILD\_MONTH\_IS\_AUG) ? 8 : \\ (BUILD\_MONTH\_IS\_SEP) ? 9 : \\ (BUILD\_MONTH\_IS\_OCT) ? 16 : \\ (BUILD\_MONTH\_IS\_NOV) ? 17 : \\ (BUILD\_MONTH\_IS\_DEC) ? 18 : \\ /\* error default \*/ 0 \\ ) #define BUILD\_DAY\_CH0 ((\_\_DATE\_\_\[4\] >= '0') ? (\_\_DATE\_\_\[4\]) : '0') #define BUILD\_DAY\_CH1 (\_\_DATE\_\_\[ 5\]) #define DATE\_COMPILE (((\_\_DATE\_\_\[7\] - '0') << 28) \\ | (((unsigned int)(\_\_DATE\_\_\[8\] - '0')) << 24) \\ | (((unsigned int)(\_\_DATE\_\_\[9\] - '0')) << 20) \\ | (((unsigned int)(\_\_DATE\_\_\[10\] - '0')) << 16) \\ | (((unsigned int)(BUILD\_MONTH)) << 8) \\ | (((unsigned int)(((\_\_DATE\_\_\[4\] >= '0') ? (\_\_DATE\_\_\[4\]) : '0') - '0')) << 4) \\ | (((unsigned int)\_\_DATE\_\_\[5\] - '0'))) #define BL33\_METADATA\_ADDRESS (0x10080000 - CONFIG\_START\_ADDRESS\_BL33 - 0x8000) /\*\* Instruction Code of "B ." \*/ /\* Private Types. \*/ /\* Any types, enums, structures or unions used by the file are defined here. \*/ /\* typedef for NonSecure callback functions \*/ /\*\* \* @details ECC public key structure \*/ typedef struct { uint32\_t au32Key0\[8\]; /\* 256-bits \*/ uint32\_t au32Key1\[8\]; /\* 256-bits \*/ }\_\_attribute\_\_((packed)) ECC\_PUBKEY\_T; /\*\* \* @details ECC ECDSA signature structure \*/ typedef struct { uint32\_t au32R\[8\]; /\* 256-bits \*/ uint32\_t au32S\[8\]; /\* 256-bits \*/ }\_\_attribute\_\_((packed)) ECDSA\_SIGN\_T; typedef struct { uint32\_t u32Start; /\* 32-bits \*/ uint32\_t u32Size; /\* 32-bits \*/ }\_\_attribute\_\_((packed)) FW\_REGION\_T; typedef struct { uint32\_t u32AuthCFGs; /\* 32-bits \*/ /\* bit\[1:0\]: Reserved bit\[2\]: 1: Info Hash includes PDID / 0: Not include PDID bit\[3\]: 1: Info Hash includes UID / 0: Not include UID bit\[4\]: 1: Info Hash inculdes UICD / 0: Not include UICD bit\[31:5\]: Reserved \*/ uint32\_t u32FwRegionLen; /\* 32-bits \*/ FW\_REGION\_T au32FwRegion\[1\]; /\* (8\*1) bytes \*/ uint32\_t u32ExtInfoLen; /\* 32-bits \*/ uint32\_t au32ExtInfo\[3\]; /\* 12-bytes \*/ }\_\_attribute\_\_((packed)) METADATA\_T; typedef struct { ECC\_PUBKEY\_T pubkey; /\* 64-bytes (256-bits + 256-bits) \*/ METADATA\_T mData; /\* includes authenticate configuration, F/W regions and extend info \*/ uint32\_t au32FwHash\[8\]; /\* 32-bytes (256-bits) \*/ ECDSA\_SIGN\_T sign; /\* 64-bytes (256-bits R + 256-bits S) \*/ }\_\_attribute\_\_((packed)) FW\_INFO\_T; /\*\* \* @details ECC ECDSA key structure \*/ typedef struct { uint8\_t Qx\[32\]; /\* 256-bits \*/ uint8\_t Qy\[32\]; /\* 256-bits \*/ uint8\_t d\[32\]; /\* 256-bits \*/ }\_\_attribute\_\_((packed)) ECC\_KEY\_T; /\* Private Function Prototypes. \*/ /\* Prototypes of all static functions in the file are provided here. \*/ /\* Private Data. \*/ /\* All static data definitions appear here. \*/ /\* Public Data. \*/ /\* All data definitions with global scope appear here. \*/ const char header\[\] = "\\n" "const uint32\_t g\_InitialFWinfo\[\] =\\n" "{\\n" " /\* public key - 64-bytes (256-bits + 256-bits) \*/\\n"; /\* Public Function Prototypes \*/ /\* Private Functions. \*/ void sha256(unsigned char \*data, unsigned int data\_len, unsigned char \*hash) { SHA256\_CTX sha256; SHA256\_Init(&sha256); SHA256\_Update(&sha256, data, data\_len); SHA256\_Final(hash, &sha256); } static int sign\_pFwInfo(FW\_INFO\_T \*pFwInfo, ECC\_KEY\_T \*ecdsa\_key) { int ret = -1; EC\_KEY \*eckey = EC\_KEY\_new(); if (NULL == eckey) { printf("Failed to create new EC Key\\n"); return -1; } EC\_GROUP \*ecgroup = EC\_GROUP\_new\_by\_curve\_name(NID\_X9\_62\_prime256v1); if (NULL == ecgroup) { printf("Failed to create new EC Group\\n"); goto exit; } if (EC\_KEY\_set\_group(eckey, ecgroup) != 1) { printf("Failed to set group for EC Key\\n"); goto exit; } memcpy((void \*) pFwInfo->pubkey.au32Key0, (void \*) ecdsa\_key->Qx, 32); memcpy((void \*) pFwInfo->pubkey.au32Key1, (void \*) ecdsa\_key->Qy, 32); BIGNUM\* x = BN\_bin2bn((void \*) ecdsa\_key->Qx, 32, NULL); BIGNUM\* y = BN\_bin2bn((void \*) ecdsa\_key->Qy, 32, NULL); BIGNUM\* d = BN\_bin2bn((void \*) ecdsa\_key->d, 32, NULL); EC\_KEY\_set\_private\_key(eckey, d); EC\_KEY\_set\_public\_key\_affine\_coordinates(eckey, x, y); uint32\_t au32HeadHash\[8\]; unsigned int u32Size = sizeof(FW\_INFO\_T) - sizeof(ECDSA\_SIGN\_T); sha256((unsigned char \*) pFwInfo, u32Size, (unsigned char \*) au32HeadHash); ECDSA\_SIG \*signature = ECDSA\_do\_sign((unsigned char \*) au32HeadHash, u32Size, eckey); if (NULL == signature) { printf("Failed to generate EC Signature\\n"); } else { if (ECDSA\_do\_verify((unsigned char \*) au32HeadHash, u32Size, signature, eckey) != 1) { printf("Failed to verify EC Signature\\n"); } else { BIGNUM \*r, \*s; #if OPENSSL\_VERSION\_NUMBER >= 0x10100000L ECDSA\_SIG\_get0(signature, &r, &s); #else r = signature->r; s = signature->s; #endif // printf("d: %s\\n", BN\_bn2hex(d)); // printf("X: %s\\n", BN\_bn2hex(x)); // printf("Y: %s\\n", BN\_bn2hex(y)); // printf("R: %s\\n", BN\_bn2hex(r)); // printf("S: %s\\n", BN\_bn2hex(s)); BN\_bn2bin(r, (unsigned char \*) pFwInfo->sign.au32R); BN\_bn2bin(s, (unsigned char \*) pFwInfo->sign.au32S); BN\_free(x); BN\_free(y); BN\_free(d); BN\_free(r); BN\_free(s); } } ret = 0; exit: EC\_GROUP\_free(ecgroup); EC\_KEY\_free(eckey); return ret; } int getFileSize(const char \*filename) { int size = -1; FILE\* fd = fopen(filename, "rb"); if (!fd) { printf("Failed to open file: %s\\n",filename); return -1; } /\* Get file size \*/ if (fseek(fd, 0, SEEK\_END) != 0) { printf("Unable to get '%s' file size\\n", filename); goto exit; } size = ftell(fd); if (size < 0) { printf("Stream doesn't support '%s' file positioning\\n", filename); goto exit; } // rewind(fd); exit: fclose(fd); return size; } #ifdef CONFIG\_BOOTLOADER2 /\*\* \* @brief printFwInfo - . \* \* @param pFwInfo \[in/out\] A pointer to jar file name string. \* \* @returns 0 on success or error code on failure. \*/ void printFwInfo(FW\_INFO\_T \*pFwInfo) { printf("%s", header); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->pubkey.au32Key0\[0\], pFwInfo->pubkey.au32Key0\[1\], pFwInfo->pubkey.au32Key0\[2\], pFwInfo->pubkey.au32Key0\[3\]); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->pubkey.au32Key0\[4\], pFwInfo->pubkey.au32Key0\[5\], pFwInfo->pubkey.au32Key0\[6\], pFwInfo->pubkey.au32Key0\[7\]); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->pubkey.au32Key1\[0\], pFwInfo->pubkey.au32Key1\[1\], pFwInfo->pubkey.au32Key1\[2\], pFwInfo->pubkey.au32Key1\[3\]); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->pubkey.au32Key1\[4\], pFwInfo->pubkey.au32Key1\[5\], pFwInfo->pubkey.au32Key1\[6\], pFwInfo->pubkey.au32Key1\[7\]); printf("\\n"); printf( " /\* metadata data - includes Mode selection, F/W region and Extend info \*/\\n"); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x, // 0x00020000: NuBL32 F/W base\\n", pFwInfo->mData.u32AuthCFGs, pFwInfo->mData.u32FwRegionLen, pFwInfo->mData.au32FwRegion\[0\].u32Start, pFwInfo->mData.au32FwRegion\[0\].u32Size); printf( " 0x%08x, 0x%08x, 0x%08x, 0x%08x, // 0x20180824/0x00001111/0x22223333: Extend info\\n", pFwInfo->mData.u32ExtInfoLen, pFwInfo->mData.au32ExtInfo\[0\], pFwInfo->mData.au32ExtInfo\[1\], pFwInfo->mData.au32ExtInfo\[2\]); printf("\\n"); printf(" /\* FW hash - 32-bytes (256-bits) \*/\\n"); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->au32FwHash\[0\], pFwInfo->au32FwHash\[1\], pFwInfo->au32FwHash\[2\], pFwInfo->au32FwHash\[3\]); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->au32FwHash\[4\], pFwInfo->au32FwHash\[5\], pFwInfo->au32FwHash\[6\], pFwInfo->au32FwHash\[7\]); printf("\\n"); printf(" /\* FwInfo signature - 64-bytes (256-bits R + 256-bits S) \*/\\n"); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->sign.au32R\[0\], pFwInfo->sign.au32R\[1\], pFwInfo->sign.au32R\[2\], pFwInfo->sign.au32R\[3\]); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->sign.au32R\[4\], pFwInfo->sign.au32R\[5\], pFwInfo->sign.au32R\[6\], pFwInfo->sign.au32R\[7\]); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->sign.au32S\[0\], pFwInfo->sign.au32S\[1\], pFwInfo->sign.au32S\[2\], pFwInfo->sign.au32S\[3\]); printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x,\\n", pFwInfo->sign.au32S\[4\], pFwInfo->sign.au32S\[5\], pFwInfo->sign.au32S\[6\], pFwInfo->sign.au32S\[7\]); printf("};\\n"); } #endif /\*\* \* @brief main - entry point of mTower: secure world. \* \* @param None \* \* @returns None (function is not supposed to return) \*/ int main(int argc, char\*\* argv) { unsigned char \*buf = NULL; int ret = -1; FILE\* fd; int img\_size = 0; #ifdef CONFIG\_BOOTLOADER2 ECC\_KEY\_T ecdsa\_key; FW\_INFO\_T pFwInfo; pFwInfo.mData.u32AuthCFGs = 0x00000001; pFwInfo.mData.u32FwRegionLen = 0x00000008; pFwInfo.mData.au32FwRegion\[0\].u32Start = CONFIG\_START\_ADDRESS\_BL32; pFwInfo.mData.au32FwRegion\[0\].u32Size = 0x00000000; pFwInfo.mData.u32ExtInfoLen = 0x0000000c; pFwInfo.mData.au32ExtInfo\[0\] = DATE\_COMPILE; pFwInfo.mData.au32ExtInfo\[1\] = 0x00001111; pFwInfo.mData.au32ExtInfo\[2\] = 0x22223333; #endif if (argc != 7) { printf("Not enough input parameters for %s\\n", argv\[0\]); return -1; } buf = malloc(1024 \* 256); if (buf == NULL) { printf("Allocation memory error\\n"); goto exit; } memset((void \*) buf, 0, 1024 \* 256); //////////////////////////////////////////////////////////////// // mtower\_s.bin //////////////////////////////////////////////////////////////// #ifdef CONFIG\_BOOTLOADER2 int32\_t size\_bl2; if((size\_bl2 = getFileSize(argv\[1\])) < 0) { return -1; } fd = fopen(argv\[1\], "rb"); if (!fd) { printf("Failed to open file: %s\\n",argv\[1\]); return -1; } if (fread(buf, 1, (size\_t) size\_bl2, fd) != (size\_t) size\_bl2) { free(buf); goto exit; } fclose(fd); #endif #ifdef CONFIG\_BOOTLOADER32 int32\_t size\_bl32; if((size\_bl32 = getFileSize(argv\[2\])) < 0) { return -1; } fd = fopen(argv\[2\], "rb"); if (!fd) { printf("Failed to open file: %s\\n",argv\[2\]); goto exit; } if (fread(buf + CONFIG\_START\_ADDRESS\_BL32, 1, (size\_t) size\_bl32, fd) != (size\_t) size\_bl32) { free(buf); goto exit; } fclose(fd); img\_size = size\_bl32; #endif #ifdef CONFIG\_BOOTLOADER2 sha256(buf + CONFIG\_START\_ADDRESS\_BL32, size\_bl32, (unsigned char \*) &pFwInfo.au32FwHash); pFwInfo.mData.au32FwRegion\[0\].u32Size = size\_bl32; fd = fopen(argv\[4\], "rb"); if (!fd) { printf("Failed to open file: %s\\n",argv\[4\]); goto exit; } if (fread((unsigned char \*) &ecdsa\_key, sizeof(char), sizeof(ECC\_KEY\_T), fd) != sizeof(ECC\_KEY\_T)) { return -1; } fclose(fd); sign\_pFwInfo(&pFwInfo, &ecdsa\_key); memcpy(buf + 0x00038000, (unsigned char \*) &pFwInfo, sizeof(FW\_INFO\_T)); img\_size = 0x00038000 + sizeof(FW\_INFO\_T); #endif fd = fopen(argv\[3\], "wb"); if (!fd) { printf("Failed to open file: %s\\n",argv\[3\]); goto exit; } if (fwrite(buf, sizeof(char), (size\_t) img\_size, fd) != (size\_t) img\_size) { free(buf); goto exit; } #ifdef CONFIG\_BOOTLOADER2 printf("\\n\\tSecure firmware info\\n"); printFwInfo(&pFwInfo); #endif //////////////////////////////////////////////////////////////// // mtower\_ns.bin //////////////////////////////////////////////////////////////// #ifdef CONFIG\_BOOTLOADER33 memset((void \*) buf, 0, 1024 \* 256); int32\_t size\_bl33; if((size\_bl33 = getFileSize(argv\[5\])) < 0) { return -1; } fd = fopen(argv\[5\], "rb"); if (!fd) { printf("Failed to open file: %s\\n",argv\[5\]); goto exit; } if (fread(buf, 1, (size\_t) size\_bl33, fd) != (size\_t) size\_bl33) { goto exit; } fclose(fd); img\_size = size\_bl33; #ifdef CONFIG\_BOOTLOADER2 sha256(buf, size\_bl33, (unsigned char \*) &pFwInfo.au32FwHash); pFwInfo.mData.au32FwRegion\[0\].u32Start = CONFIG\_START\_ADDRESS\_BL33; pFwInfo.mData.au32FwRegion\[0\].u32Size = size\_bl33; sign\_pFwInfo(&pFwInfo, &ecdsa\_key); memcpy(buf + BL33\_METADATA\_ADDRESS, (unsigned char \*) &pFwInfo, sizeof(FW\_INFO\_T)); img\_size = BL33\_METADATA\_ADDRESS + sizeof(FW\_INFO\_T); #endif fd = fopen(argv\[6\], "wb"); if (!fd) { printf("Failed to open file: %s\\n",argv\[6\]); goto exit; } if (fwrite(buf, sizeof(char), (size\_t) img\_size, fd) != (size\_t) img\_size) { goto exit; } #endif ret = 0; exit: free(buf); fclose(fd); #ifdef CONFIG\_BOOTLOADER2 printf("\\n\\tNon-secure firmware info\\n"); printFwInfo(&pFwInfo); #endif return ret; }

CVE-2022-39830: mTower/fwinfogen.c at 18f4b592a8a973ce5972f4e2658ea0f6e3686284 · Samsung/mTower

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach.
"In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, 2022, we determined

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach.

"In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected."

Samsung said the infiltration enabled hackers to access certain data such as names, contact and demographic information, dates of birth, and product registration details.

It stressed that the incident did not affect users' Social Security numbers or credit and debit card numbers, but noted the information leaked for each relevant customer may vary.

The collected information is necessary to help the company deliver the best experience with its products and services, it added. It's unclear how many customers were affected or who was behind the hack, and why it took almost a month for the company to divulge the breach.

Aside from notifying users about the security event, Samsung stated it has taken steps to secure the impacted systems and engaged an outside cybersecurity firm to lead the response efforts.

Furthermore, it's urging users to be on guard against potential social engineering attempts, avoid clicking on links or opening attachments from unknown senders, and review their accounts for potentially suspicious activity.

The announcement comes less than six months after Samsung confirmed a similar incident. In March 2022, it revealed that internal data, including the source code related to its Galaxy smartphones, was leaked in the aftermath of an attack staged by the LAPSUS$ extortion gang.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Samsung Admits Data Breach that Exposed Details of Some U.S. Customers

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

CVE-2021-44718: wolfSSL Security Vulnerabilities | wolfSSL Embedded SSL/TLS Library

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

CVE-2022-36622: mTower/tee_svc.c at 18f4b592a8a973ce5972f4e2658ea0f6e3686284 · Samsung/mTower

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

// SPDX-License-Identifier: BSD-2-Clause /\* \* Copyright (c) 2014, STMicroelectronics International N.V. \* All rights reserved. \* \* Redistribution and use in source and binary forms, with or without \* modification, are permitted provided that the following conditions are met: \* \* 1. Redistributions of source code must retain the above copyright notice, \* this list of conditions and the following disclaimer. \* \* 2. Redistributions in binary form must reproduce the above copyright notice, \* this list of conditions and the following disclaimer in the documentation \* and/or other materials provided with the distribution. \* \* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" \* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE \* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE \* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE \* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR \* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF \* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS \* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN \* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) \* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE \* POSSIBILITY OF SUCH DAMAGE. \*/ #include <stdlib.h\> #include <string.h\> #include <tee\_api.h\> #include <utee\_syscalls.h\> //#include "tee\_api\_private.h" #include "utee\_types.h" #define TEE\_USAGE\_DEFAULT 0xffffffff #define TEE\_ATTR\_BIT\_VALUE (1 << 29) #define TEE\_ATTR\_BIT\_PROTECTED (1 << 28) void \_\_utee\_from\_attr(struct utee\_attribute \*ua, const TEE\_Attribute \*attrs, uint32\_t attr\_count) { size\_t n; for (n = 0; n < attr\_count; n++) { ua\[n\].attribute\_id = attrs\[n\].attributeID; if (attrs\[n\].attributeID & TEE\_ATTR\_BIT\_VALUE) { ua\[n\].a = attrs\[n\].content.value.a; ua\[n\].b = attrs\[n\].content.value.b; } else { ua\[n\].a = (uintptr\_t)attrs\[n\].content.ref.buffer; ua\[n\].b = attrs\[n\].content.ref.length; } } } /\* Data and Key Storage API - Generic Object Functions \*/ /\* \* Use of this function is deprecated \* new code SHOULD use the TEE\_GetObjectInfo1 function instead \* These functions will be removed at some future major revision of \* this specification \*/ void TEE\_GetObjectInfo(TEE\_ObjectHandle object, TEE\_ObjectInfo \*objectInfo) { TEE\_Result res; res = utee\_cryp\_obj\_get\_info((unsigned long)object, objectInfo); if (res != TEE\_SUCCESS) TEE\_Panic(res); if (objectInfo->objectType == TEE\_TYPE\_CORRUPTED\_OBJECT) { objectInfo->keySize = 0; objectInfo->maxKeySize = 0; objectInfo->objectUsage = 0; objectInfo->dataSize = 0; objectInfo->dataPosition = 0; objectInfo->handleFlags = 0; } } TEE\_Result TEE\_GetObjectInfo1(TEE\_ObjectHandle object, TEE\_ObjectInfo \*objectInfo) { TEE\_Result res; res = utee\_cryp\_obj\_get\_info((unsigned long)object, objectInfo); if (res != TEE\_SUCCESS && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } /\* \* Use of this function is deprecated \* new code SHOULD use the TEE\_RestrictObjectUsage1 function instead \* These functions will be removed at some future major revision of \* this specification \*/ void TEE\_RestrictObjectUsage(TEE\_ObjectHandle object, uint32\_t objectUsage) { TEE\_Result res; TEE\_ObjectInfo objectInfo; res = utee\_cryp\_obj\_get\_info((unsigned long)object, &objectInfo); if (objectInfo.objectType == TEE\_TYPE\_CORRUPTED\_OBJECT) return; res = TEE\_RestrictObjectUsage1(object, objectUsage); if (res != TEE\_SUCCESS) TEE\_Panic(res); } TEE\_Result TEE\_RestrictObjectUsage1(TEE\_ObjectHandle object, uint32\_t objectUsage) { TEE\_Result res; res = utee\_cryp\_obj\_restrict\_usage((unsigned long)object, objectUsage); if (res != TEE\_SUCCESS && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_GetObjectBufferAttribute(TEE\_ObjectHandle object, uint32\_t attributeID, void \*buffer, uint32\_t \*size) { TEE\_Result res; TEE\_ObjectInfo info; uint64\_t sz; res = utee\_cryp\_obj\_get\_info((unsigned long)object, &info); if (res != TEE\_SUCCESS) goto exit; /\* This function only supports reference attributes \*/ if ((attributeID & TEE\_ATTR\_BIT\_VALUE)) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto exit; } sz = \*size; res = utee\_cryp\_obj\_get\_attr((unsigned long)object, attributeID, buffer, &sz); \*size = sz; exit: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_ITEM\_NOT\_FOUND && res != TEE\_ERROR\_SHORT\_BUFFER && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_GetObjectValueAttribute(TEE\_ObjectHandle object, uint32\_t attributeID, uint32\_t \*a, uint32\_t \*b) { TEE\_Result res; TEE\_ObjectInfo info; uint32\_t buf\[2\]; uint64\_t size = sizeof(buf); res = utee\_cryp\_obj\_get\_info((unsigned long)object, &info); if (res != TEE\_SUCCESS) goto exit; /\* This function only supports value attributes \*/ if (!(attributeID & TEE\_ATTR\_BIT\_VALUE)) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto exit; } res = utee\_cryp\_obj\_get\_attr((unsigned long)object, attributeID, buf, &size); exit: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_ITEM\_NOT\_FOUND && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); if (size != sizeof(buf)) TEE\_Panic(0); if (res == TEE\_SUCCESS) { if (a) \*a = buf\[0\]; if (b) \*b = buf\[1\]; } return res; } void TEE\_CloseObject(TEE\_ObjectHandle object) { TEE\_Result res; if (object == TEE\_HANDLE\_NULL) return; res = utee\_cryp\_obj\_close((unsigned long)object); if (res != TEE\_SUCCESS) TEE\_Panic(res); } /\* Data and Key Storage API - Transient Object Functions \*/ TEE\_Result TEE\_AllocateTransientObject(TEE\_ObjectType objectType, uint32\_t maxKeySize, TEE\_ObjectHandle \*object) { TEE\_Result res; uint32\_t obj; res = utee\_cryp\_obj\_alloc(objectType, maxKeySize, &obj); if (res != TEE\_SUCCESS && res != TEE\_ERROR\_OUT\_OF\_MEMORY && res != TEE\_ERROR\_NOT\_SUPPORTED) TEE\_Panic(res); if (res == TEE\_SUCCESS) \*object = (TEE\_ObjectHandle)(uintptr\_t)obj; return res; } void TEE\_FreeTransientObject(TEE\_ObjectHandle object) { TEE\_Result res; TEE\_ObjectInfo info; if (object == TEE\_HANDLE\_NULL) return; res = utee\_cryp\_obj\_get\_info((unsigned long)object, &info); if (res != TEE\_SUCCESS) TEE\_Panic(res); if ((info.handleFlags & TEE\_HANDLE\_FLAG\_PERSISTENT) != 0) TEE\_Panic(0); res = utee\_cryp\_obj\_close((unsigned long)object); if (res != TEE\_SUCCESS) TEE\_Panic(res); } void TEE\_ResetTransientObject(TEE\_ObjectHandle object) { TEE\_Result res; TEE\_ObjectInfo info; if (object == TEE\_HANDLE\_NULL) return; res = utee\_cryp\_obj\_get\_info((unsigned long)object, &info); if (res != TEE\_SUCCESS) TEE\_Panic(res); if ((info.handleFlags & TEE\_HANDLE\_FLAG\_PERSISTENT) != 0) TEE\_Panic(0); res = utee\_cryp\_obj\_reset((unsigned long)object); if (res != TEE\_SUCCESS) TEE\_Panic(res); } TEE\_Result TEE\_PopulateTransientObject(TEE\_ObjectHandle object, const TEE\_Attribute \*attrs, uint32\_t attrCount) { TEE\_Result res; TEE\_ObjectInfo info; struct utee\_attribute ua\[attrCount\]; res = utee\_cryp\_obj\_get\_info((unsigned long)object, &info); if (res != TEE\_SUCCESS) TEE\_Panic(res); /\* Must be a transient object \*/ if ((info.handleFlags & TEE\_HANDLE\_FLAG\_PERSISTENT) != 0) TEE\_Panic(0); /\* Must not be initialized already \*/ if ((info.handleFlags & TEE\_HANDLE\_FLAG\_INITIALIZED) != 0) TEE\_Panic(0); \_\_utee\_from\_attr(ua, attrs, attrCount); res = utee\_cryp\_obj\_populate((unsigned long)object, ua, attrCount); if (res != TEE\_SUCCESS && res != TEE\_ERROR\_BAD\_PARAMETERS) TEE\_Panic(res); return res; } void TEE\_InitRefAttribute(TEE\_Attribute \*attr, uint32\_t attributeID, const void \*buffer, uint32\_t length) { if (attr == NULL) TEE\_Panic(0); if ((attributeID & TEE\_ATTR\_BIT\_VALUE) != 0) TEE\_Panic(0); attr->attributeID = attributeID; attr->content.ref.buffer = (void \*)buffer; attr->content.ref.length = length; } void TEE\_InitValueAttribute(TEE\_Attribute \*attr, uint32\_t attributeID, uint32\_t a, uint32\_t b) { if (attr == NULL) TEE\_Panic(0); if ((attributeID & TEE\_ATTR\_BIT\_VALUE) == 0) TEE\_Panic(0); attr->attributeID = attributeID; attr->content.value.a = a; attr->content.value.b = b; } /\* \* Use of this function is deprecated \* new code SHOULD use the TEE\_CopyObjectAttributes1 function instead \* These functions will be removed at some future major revision of \* this specification \*/ void TEE\_CopyObjectAttributes(TEE\_ObjectHandle destObject, TEE\_ObjectHandle srcObject) { TEE\_Result res; TEE\_ObjectInfo src\_info; res = utee\_cryp\_obj\_get\_info((unsigned long)srcObject, &src\_info); if (src\_info.objectType == TEE\_TYPE\_CORRUPTED\_OBJECT) return; res = TEE\_CopyObjectAttributes1(destObject, srcObject); if (res != TEE\_SUCCESS) TEE\_Panic(res); } TEE\_Result TEE\_CopyObjectAttributes1(TEE\_ObjectHandle destObject, TEE\_ObjectHandle srcObject) { TEE\_Result res; TEE\_ObjectInfo dst\_info; TEE\_ObjectInfo src\_info; res = utee\_cryp\_obj\_get\_info((unsigned long)destObject, &dst\_info); if (res != TEE\_SUCCESS) goto exit; res = utee\_cryp\_obj\_get\_info((unsigned long)srcObject, &src\_info); if (res != TEE\_SUCCESS) goto exit; if (!(src\_info.handleFlags & TEE\_HANDLE\_FLAG\_INITIALIZED)) TEE\_Panic(0); if ((dst\_info.handleFlags & TEE\_HANDLE\_FLAG\_PERSISTENT)) TEE\_Panic(0); if ((dst\_info.handleFlags & TEE\_HANDLE\_FLAG\_INITIALIZED)) TEE\_Panic(0); res = utee\_cryp\_obj\_copy((unsigned long)destObject, (unsigned long)srcObject); exit: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_GenerateKey(TEE\_ObjectHandle object, uint32\_t keySize, const TEE\_Attribute \*params, uint32\_t paramCount) { TEE\_Result res; struct utee\_attribute ua\[paramCount\]; \_\_utee\_from\_attr(ua, params, paramCount); res = utee\_cryp\_obj\_generate\_key((unsigned long)object, keySize, ua, paramCount); if (res != TEE\_SUCCESS && res != TEE\_ERROR\_BAD\_PARAMETERS) TEE\_Panic(res); return res; } /\* Data and Key Storage API - Persistent Object Functions \*/ TEE\_Result TEE\_OpenPersistentObject(uint32\_t storageID, const void \*objectID, uint32\_t objectIDLen, uint32\_t flags, TEE\_ObjectHandle \*object) { TEE\_Result res; uint32\_t obj; if (!objectID) { res = TEE\_ERROR\_ITEM\_NOT\_FOUND; goto out; } if (objectIDLen > TEE\_OBJECT\_ID\_MAX\_LEN) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } if (!object) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } res = utee\_storage\_obj\_open(storageID, objectID, objectIDLen, flags, &obj); if (res == TEE\_SUCCESS) \*object = (TEE\_ObjectHandle)(uintptr\_t)obj; out: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_ITEM\_NOT\_FOUND && res != TEE\_ERROR\_ACCESS\_CONFLICT && res != TEE\_ERROR\_OUT\_OF\_MEMORY && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_CreatePersistentObject(uint32\_t storageID, const void \*objectID, uint32\_t objectIDLen, uint32\_t flags, TEE\_ObjectHandle attributes, const void \*initialData, uint32\_t initialDataLen, TEE\_ObjectHandle \*object) { TEE\_Result res; uint32\_t obj; if (!objectID) { res = TEE\_ERROR\_ITEM\_NOT\_FOUND; goto err; } if (objectIDLen > TEE\_OBJECT\_ID\_MAX\_LEN) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto err; } res = utee\_storage\_obj\_create(storageID, objectID, objectIDLen, flags, (unsigned long)attributes, initialData, initialDataLen, &obj); if (res == TEE\_SUCCESS) { if (object) \*object = (TEE\_ObjectHandle)(uintptr\_t)obj; else res = utee\_cryp\_obj\_close(obj); if (res == TEE\_SUCCESS) goto out; } err: if (object) \*object = TEE\_HANDLE\_NULL; if (res == TEE\_ERROR\_ITEM\_NOT\_FOUND || res == TEE\_ERROR\_ACCESS\_CONFLICT || res == TEE\_ERROR\_OUT\_OF\_MEMORY || res == TEE\_ERROR\_STORAGE\_NO\_SPACE || res == TEE\_ERROR\_CORRUPT\_OBJECT || res == TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) return res; TEE\_Panic(res); out: return TEE\_SUCCESS; } /\* \* Use of this function is deprecated \* new code SHOULD use the TEE\_CloseAndDeletePersistentObject1 function instead \* These functions will be removed at some future major revision of \* this specification \*/ void TEE\_CloseAndDeletePersistentObject(TEE\_ObjectHandle object) { TEE\_Result res; if (object == TEE\_HANDLE\_NULL) return; res = TEE\_CloseAndDeletePersistentObject1(object); if (res != TEE\_SUCCESS) TEE\_Panic(0); } TEE\_Result TEE\_CloseAndDeletePersistentObject1(TEE\_ObjectHandle object) { TEE\_Result res; if (object == TEE\_HANDLE\_NULL) return TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE; res = utee\_storage\_obj\_del((unsigned long)object); if (res != TEE\_SUCCESS && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_RenamePersistentObject(TEE\_ObjectHandle object, const void \*newObjectID, uint32\_t newObjectIDLen) { TEE\_Result res; if (object == TEE\_HANDLE\_NULL) { res = TEE\_ERROR\_ITEM\_NOT\_FOUND; goto out; } if (!newObjectID) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } if (newObjectIDLen > TEE\_OBJECT\_ID\_MAX\_LEN) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } res = utee\_storage\_obj\_rename((unsigned long)object, newObjectID, newObjectIDLen); out: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_ACCESS\_CONFLICT && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_AllocatePersistentObjectEnumerator(TEE\_ObjectEnumHandle \* objectEnumerator) { TEE\_Result res; uint32\_t oe; if (!objectEnumerator) return TEE\_ERROR\_BAD\_PARAMETERS; res = utee\_storage\_alloc\_enum(&oe); if (res != TEE\_SUCCESS) oe = TEE\_HANDLE\_NULL; \*objectEnumerator = (TEE\_ObjectEnumHandle)(uintptr\_t)oe; if (res != TEE\_SUCCESS && res != TEE\_ERROR\_ACCESS\_CONFLICT) TEE\_Panic(res); return res; } void TEE\_FreePersistentObjectEnumerator(TEE\_ObjectEnumHandle objectEnumerator) { TEE\_Result res; if (objectEnumerator == TEE\_HANDLE\_NULL) return; res = utee\_storage\_free\_enum((unsigned long)objectEnumerator); if (res != TEE\_SUCCESS) TEE\_Panic(res); } void TEE\_ResetPersistentObjectEnumerator(TEE\_ObjectEnumHandle objectEnumerator) { TEE\_Result res; if (objectEnumerator == TEE\_HANDLE\_NULL) return; res = utee\_storage\_reset\_enum((unsigned long)objectEnumerator); if (res != TEE\_SUCCESS) TEE\_Panic(res); } TEE\_Result TEE\_StartPersistentObjectEnumerator(TEE\_ObjectEnumHandle objectEnumerator, uint32\_t storageID) { TEE\_Result res; res = utee\_storage\_start\_enum((unsigned long)objectEnumerator, storageID); if (res != TEE\_SUCCESS && res != TEE\_ERROR\_ITEM\_NOT\_FOUND && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_GetNextPersistentObject(TEE\_ObjectEnumHandle objectEnumerator, TEE\_ObjectInfo \*objectInfo, void \*objectID, uint32\_t \*objectIDLen) { TEE\_Result res; uint64\_t len; TEE\_ObjectInfo local\_info; TEE\_ObjectInfo \*pt\_info; if (!objectID) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } if (!objectIDLen) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } if (objectInfo) pt\_info = objectInfo; else pt\_info = &local\_info; len = \*objectIDLen; res = utee\_storage\_next\_enum((unsigned long)objectEnumerator, pt\_info, objectID, &len); \*objectIDLen = len; out: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_ITEM\_NOT\_FOUND && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } /\* Data and Key Storage API - Data Stream Access Functions \*/ TEE\_Result TEE\_ReadObjectData(TEE\_ObjectHandle object, void \*buffer, uint32\_t size, uint32\_t \*count) { TEE\_Result res; uint64\_t cnt64; if (object == TEE\_HANDLE\_NULL) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } cnt64 = \*count; res = utee\_storage\_obj\_read((unsigned long)object, buffer, size, &cnt64); \*count = cnt64; out: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_WriteObjectData(TEE\_ObjectHandle object, const void \*buffer, uint32\_t size) { TEE\_Result res; if (object == TEE\_HANDLE\_NULL) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } if (size > TEE\_DATA\_MAX\_POSITION) { res = TEE\_ERROR\_OVERFLOW; goto out; } res = utee\_storage\_obj\_write((unsigned long)object, buffer, size); out: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_STORAGE\_NO\_SPACE && res != TEE\_ERROR\_OVERFLOW && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_TruncateObjectData(TEE\_ObjectHandle object, uint32\_t size) { TEE\_Result res; if (object == TEE\_HANDLE\_NULL) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } res = utee\_storage\_obj\_trunc((unsigned long)object, size); out: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_STORAGE\_NO\_SPACE && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; } TEE\_Result TEE\_SeekObjectData(TEE\_ObjectHandle object, int32\_t offset, TEE\_Whence whence) { TEE\_Result res; TEE\_ObjectInfo info; if (object == TEE\_HANDLE\_NULL) { res = TEE\_ERROR\_BAD\_PARAMETERS; goto out; } res = utee\_cryp\_obj\_get\_info((unsigned long)object, &info); if (res != TEE\_SUCCESS) goto out; switch (whence) { case TEE\_DATA\_SEEK\_SET: if (offset > 0 && (uint32\_t)offset > TEE\_DATA\_MAX\_POSITION) { res = TEE\_ERROR\_OVERFLOW; goto out; } break; case TEE\_DATA\_SEEK\_CUR: if (offset > 0 && ((uint32\_t)offset + info.dataPosition > TEE\_DATA\_MAX\_POSITION || (uint32\_t)offset + info.dataPosition < info.dataPosition)) { res = TEE\_ERROR\_OVERFLOW; goto out; } break; case TEE\_DATA\_SEEK\_END: if (offset > 0 && ((uint32\_t)offset + info.dataSize > TEE\_DATA\_MAX\_POSITION || (uint32\_t)offset + info.dataSize < info.dataSize)) { res = TEE\_ERROR\_OVERFLOW; goto out; } break; default: res = TEE\_ERROR\_ITEM\_NOT\_FOUND; goto out; } res = utee\_storage\_obj\_seek((unsigned long)object, offset, whence); out: if (res != TEE\_SUCCESS && res != TEE\_ERROR\_OVERFLOW && res != TEE\_ERROR\_CORRUPT\_OBJECT && res != TEE\_ERROR\_STORAGE\_NOT\_AVAILABLE) TEE\_Panic(res); return res; }

CVE-2022-36621: mTower/tee_api_objects.c at 18f4b592a8a973ce5972f4e2658ea0f6e3686284 · Samsung/mTower

Plus: Chrome patches another zero-day flaw, Microsoft closes up 100 vulnerabilities, Android gets a significant patch, and more.

August was a bumper month for security patches, with Apple, Google, and Microsoft among the firms issuing emergency fixes for already exploited vulnerabilities. The month also saw some big fixes arriving from the likes of VMWare, Cisco, IBM, and Zimbra.

Here’s everything you need to know about the important security fixes issued in August.

Apple iOS 15.6.1

After a two-month patch hiatus, followed by multiple fixes in July, Apple released an emergency security update in August with iOS 15.6.1. The iOS update fixed two flaws, both of which were being used by attackers in the wild.

It is thought that the vulnerabilities in WebKit (CVE-2022-32893) and the Kernel (CVE-2022-32894) were being chained together in attacks, with serious consequences. A successful attack could allow an adversary to take control of your iPhone and access your sensitive files and banking details.

Combining the two flaws “typically provides all the functionality needed to mount a device jailbreak,” bypassing almost all Apple-imposed security restrictions, Paul Ducklin, a principal research scientist at Sophos, wrote in a blog analyzing the vulnerabilities. This would potentially allow adversaries to “install background spyware and keep you under comprehensive surveillance,” Ducklin explained.

Apple always avoids giving out details about vulnerabilities until most people have updated, so it’s hard to know who the attack targets were. To ensure you are safe, you should update your devices to iOS 15.6.1 without delay.

Apple also released iPadOS 15.6.1, watchOS 8.7.1, and macOS Monterey 12.5.1, all of which you should update at the next opportunity.

Google Chrome

Google released a security update in August to fix its fifth zero-day flaw this year. In an advisory, Google listed 11 vulnerabilities fixed in August. The patches include a use-after-free flaw in FedCM—tracked as CVE-2022-2852 and rated as critical—as well as six highly rated issues and three classed as having a medium impact. One of the highly rated vulnerabilities has been exploited by attackers, CVE-2022-2856.

Google hasn’t provided any detail about the exploited flaw, but since attackers have gotten ahold of the details, it’s a good idea to update Chrome now.

Earlier in August, Google released Chrome 104, fixing 27 vulnerabilities, seven of which were rated as having a high impact.

Google Android

The August Android security patch was a hefty one, with dozens of fixes for serious vulnerabilities, including a flaw in the framework that could lead to local privilege escalation with no additional privileges needed. Meanwhile, an issue in the media framework could lead to remote information disclosure, and a flaw in the system could lead to remote code execution over Bluetooth. A vulnerability in kernel components could also lead to local escalation of privileges.

The Android security patch was late in August, but it’s now available on such devices as Google’s Pixel range, the Nokia T20, and Samsung Galaxy devices (including the Galaxy S series, Galaxy Note series, Galaxy Fold series, and Galaxy Flip series).

Microsoft

Microsoft’s August Patch Tuesday fixed over 100 security flaws, of which 17 are rated as critical. Among the fixes was a patch for an already exploited flaw tracked as CVE-2022-34713, also known as DogWalk.

The remote code execution (RCE) flaw in the Windows Support Diagnostic Tool (MDST) is rated as having a high impact because exploiting it can result in a system compromise. The vulnerability, which affects all users of Windows and Windows Server, was first exposed over two years ago in January 2020, but Microsoft didn’t consider it a security issue at the time.

VMWare

VMWare fixed a bunch of flaws in August, including a critical authentication bypass bug tracked as CVE-2022-31656. On releasing the patch, the software firm warned that public exploit code is available.

VMWare also fixed an RCE vulnerability in VMware Workspace ONE Access, Identity Manager, and Aria Automation (formerly vRealize Automation), tracked as CVE-2022-31658 with a CVSS score of eight. Meanwhile, a SQL injection RCE vulnerability found in VMware Workspace ONE Access and Identity Manager also got a CVSS score of eight. Both require an attacker to have administrator and network access before they can trigger remote code execution.

Apple Fixed a Serious iOS Security Flaw—Have You Updated Yet?

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves.
Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves.

Dubbed **GAIROSCOPE**, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel.

"Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope," Dr. Guri said in a new paper published this week. "These inaudible frequencies produce tiny mechanical oscillations within the smartphone's gyroscope, which can be demodulated into binary information."

Air-gapping is seen as an essential security countermeasure that involves isolating a computer or network and preventing it from establishing an external connection, effectively creating an impenetrable barrier between a digital asset and threat actors who try to forge a path for espionage attacks.

Like other attacks against air-gapped networks, GAIROSCOPE is no different in that it banks on the ability of an adversary to breach a target environment via ploys such as infected USB sticks, watering holes, or supply chain compromises to deliver the malware.

What's new this time around is that it also requires infecting the smartphones of employees working in the victim organization with a rogue app that, for its part, is deployed by means of attack vectors like social engineering, malicious ads, or compromised websites, among others.

In the next phase of the kill chain, the attacker abuses the established foothold to harvest sensitive data (i.e., encryption keys, credentials etc.), encodes, and broadcasts the information in the form of stealthy acoustic sound waves via the machine's loudspeaker.

The transmission is then detected by an infected smartphone that's in close physical proximity and which listens through the gyroscope sensor built into the device, following which the data is demodulated, decoded, and transferred to the attacker via the Internet over Wi-Fi.

This is made possible due to a phenomenon called ultrasonic corruption that affects MEMS gyroscopes at resonance frequencies. "When this inaudible sound is played near the gyroscope, it creates an internal disruption to the signal output," Dr. Guri explained. "The errors in the output can be used to encode and decode information."

Experimental results show that the covert channel can be used to transfer data with bit rates of 1-8 bit/sec at distances of 0 - 600 cm, with the transmitter reaching a distance of 800 cm in narrow rooms.

Should employees place their mobile phones close to their workstations on the desk, the method could be used to exchange data, including short texts, encryption keys, passwords, or keystrokes.

The data exfiltration method is notable for the fact that it doesn't require the malicious app in the receiving smartphone (in this case, One Plus 7, Samsung Galaxy S9, and Samsung Galaxy S10) to have microphone access, thus tricking users into approving their access without suspicion.

The speakers-to-gyroscope covert channel is also advantageous from an adversarial point of view. Not only are there no visual cues on Android and iOS when an app uses the gyroscope (like in the case of location or microphone), the sensor is also accessible from HTML via standard JavaScript.

This also means that the bad actor doesn't have to install an app to achieve the intended goals, and can instead inject backdoor JavaScript code on a legitimate website that samples the gyroscope, receives the covert signals, and exfiltrates the information via the Internet.

Mitigating GAIROSCOPE requires organizations to enforce separation policies to keep smartphones at least 800 cm away or more from secured areas, remove loudspeakers and audio drivers from endpoints, filter out ultrasonic signals using firewalls SilverDog and SoniControl, and jam the covert channel by adding background noises to the acoustic spectrum.

The study arrives a little over a month after Dr. Guri demonstrated SATAn, a mechanism to jump over air-gaps and extract information by taking advantage of Serial Advanced Technology Attachment (SATA) cables.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#samsung