Qualcomm chips leak crypto data from secure execution environment

LASER_oneXM

Feb 4, 2016
A vulnerability in Qualcomm chips could be exploited by attackers to retrieve encryption keys and sensitive information from the chipsets’ secure execution environment, NCC Group researchers have found.

About CVE-2018-11976

The security of Trusted Execution Environments (TEEs) such as ARM TrustZone, which are widely used in both mobile and embedded devices and often share the same computational hardware as untrusted code, has been previously probed but not extensively.

NCC Group researchers decided to specifically test the implementation of ECDSA signing in a particular version of Qualcomm’s Secure Execution Environment (QSEE) and they ended up identifying a series of vulnerabilities, collectively identified as CVE-2018-11976.

By using a tool dubbed Cachegrab, they were able to simultaneously mount a number of attacks against memory caches, successfully extract cryptographic information and fully recover a 256-bit private key from Qualcomm’s version of the hardware-backed keystore.

Additional and very detailed information about their research and findings can be found in this recently released paper.

What now?

The researchers performed their tests on the Android-running Nexus 5X smartphone, but Qualcomm confirmed that the same vulnerability affects over 30 different chipsets (the complete list can be found here) and, therefore, can be used to compromise the security of a wide variety of smartphones and tablets. In fact, if you use an Android-powered device, chances are good it uses one of these chips.

What’s important for end users to know is that since being notified of the bug in March 2018, Qualcomm has proceeded to patch the firmware of all the affected chipsets and has notified affected OEMs and carriers.


Google has implemented the fixes in the Android April 2019 security update and, hopefully soon, other OEMs and carriers will deliver them too.


It’s good to note that for the attacks to be successful the attacker must achieve root access on the target device but, unfortunately, this can be achieved through already existing (and not that rare) malware.
 

SeriousHoax

Mar 16, 2019
My chipset is one of the affected ones. Google's April security patch has fixed the problem and right after reading this news, my phone received the April security update. Nice.
 