Researcher Name: https://twitter.com/ffmenarini/
Samsung didn’t lock the TrustZone secure memory configuration in hardware (TZASC) on the Exynos-based S21 (and earlier devices). As a result, any (semi-controlled) arbitrary write in the TrustZone firmware could corrupt the information in the hardware registers and remove the TrustZone memory protection entirely. This was used over and over in a series of TEE exploits. With the S22 they finally learned their lesson 🙂 Now the other vendors…