Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities.
According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal sensitive data stored in a secure area that is otherwise supposed to be the most protected part of a mobile device.
The vulnerabilities reside in Qualcomm’s Secure Execution Environment (QSEE), an implementation of Trusted Execution Environment (TEE) based on ARM TrustZone technology.
Also known as Qualcomm’s Secure World, QSEE is a hardware-isolated secure area on the main processor that aims to protect sensitive information and provides a separate secure environment (REE) for executing Trusted Applications.
Along with other personal information, QSEE usually contains private encryption keys, passwords, credit, and debit card credentials.
Since it is based on the principle of least privilege, Normal World system modules like drivers and applications can not access protected areas unless necessary—even when they have root permissions.
“In a 4-month research project, we succeeded in reverse Qualcomm’s Secure World operating system and leveraged the fuzzing technique to expose the hole,” researchers told The Hacker News.
“We implemented a custom-made fuzzing tool, which tested trusted code on Samsung, LG, Motorola devices,” which allowed researchers to find four vulnerabilities in trusted code implemented by Samsung, one in Motorola and one in LG.
- dxhdcp2 (LVE-SMP-190005)
- sec_store (SVE-2019-13952)
- authnr (SVE-2019-13949)
- esecomm (SVE-2019-13950)
- kmota (CVE-2019-10574)
- tzpr25 (acknowledged by Samsung)
- prov (Motorola is working on a fix)
images from Hacker News