Hacking embedded systems is one of the most technically challenging but financially rewarding forms of hacking around. Consumer Devices such as mobile handsets are targeted for a variety of reasons, from targeting the IMEI number of a mobile phone to re-enable it after theft through to data extraction and cryptographic key manipulation.
Attacking the hardware foundations of mobile phones can undermine the whole platform above including the Application Security Framework. To design future secure systems it is important to know exactly what the threats are to be able to defend against them. OMTP’s companion document to the ‘Advanced Trusted Environment: OMTP TR1’, the ‘Security Threats on Embedded Consumer Devices’ formed part of the input to the threat and risk analysis performed during the creation of TR1.
This maintenance release expands on the detail provided in the initial release of this recommendation in May 2008 and accompanies the maintenance release of the Advanced Trusted Environment: OMTP TR1.