BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Digging into Xiaomi’s TEE to get to Chinese money\
 n   When: Saturday\, Aug 13\, 14:30 - 14:50 PDT\n   Where: Caesars Forum -
  Forum 106-110\, 138-139 (Track 2) - [1]Map\n\n   SpeakerBio:Slava Makkave
 ev \, Security Researcher\, Check Point\n   Slava Makkaveev is a Security 
 Researcher at Check Point Research.\n   Holds a PhD in Computer Science. S
 lava has found himself in the\n   security field more than ten years ago a
 nd since that gained vast\n   experience in reverse engineering and vulner
 ability research. Recently\n   Slava has taken a particularly strong inter
 est in mobile platforms and\n   firmware security. Slava was a speaker at 
 DEF CON\, CanSecWest\, REcon\,\n   HITB and others.\n\n   Description:\n  
  The Far East and China account for two-thirds of global mobile\n   paymen
 ts in 2021. That is about $4 billion in mobile wallet\n   transactions. Su
 ch a huge amount of money is sure to attract the\n   attention of hackers.
  Have you ever wondered how safe it is to pay\n   from a mobile device? Ca
 n a malicious app steal money from your\n   digital wallet? To answer thes
 e questions\, we researched the payment\n   system built into Xiaomi smart
 phones based on MediaTek chips\, which\n   are very popular in China. As a
  result\, we discovered vulnerabilities\n   that allow forging payment pac
 kages or disabling the payment system\n   directly from an unprivileged An
 droid application.\n\n   Mobile payment signatures are carried out in the 
 Trusted Execution\n   Environment (TEE) that remains secure on compromised
  devices. The\n   attacker needs to hack the TEE in order to hack the paym
 ent. There is\n   a lot of good research about mobile TEEs in the public d
 omain\, but no\n   one pays attention to trusted apps written by device ve
 ndors like\n   Xiaomi and not by chip makers\, while the core of mobile pa
 yments is\n   implemented there. In our research\, we reviewed Xiaomi's TE
 E for\n   security issues in order to find a way to scam WeChat Pay.\n\n  
  '\n\n   1. https://defcon.outel.org/consolidated_page.html#CaesarsForumBR
 \n\n\n
DTEND:20220813T215000Z
DTSTART:20220813T213000Z
LOCATION:DC - Caesars Forum - Forum 106-110\, 138-139 (Track 2)
SUMMARY:Digging into Xiaomi’s TEE to get to Chinese money
END:VEVENT
END:VCALENDAR