The 2022 Pwnie Nominee For Best Mobile Bug

Trust Dies in Darkness

Shakevsky, Ronen and Wool found severe flaws in the cryptographic design of Samsung’s TrustZone-based Keymaster https://www.usenix.org/conference/usenixsecurity22/presentation/shakevsky, PoC: https://github.com/shakevsky/keybuster

They found severe design flaws that allow full recovery of hardware-protected keys that were encrypted by the TrustZone on latest Samsung flagship devices (S9, S10, S20 and S21)