Qualcomm fixes major security flaws

A new security vulnerability found in devices such as smartphones and tablets that use Qualcomm chipsets could allow an attacker to recover private data and encryption keys stored in a secure area of the chipset called QSEE (Qualcomm Secure Execution Environment). The chipmaker rolled out patches for this vulnerability (CVE-2018-11976) earlier this month, but slow Android updates could leave some smartphones and tablets vulnerable for years to come.

Hundreds of millions of Android devices currently use Qualcomm chips. The flaw affects how these chips manage data processed in QSEE, a Trusted Execution Environment (TEE). It is a physically isolated area on the company's chips, where Android and application developers can send data to be processed safely, protected from the operating system and all other applications installed on the device. Encryption keys and private passwords are often processed within QSEE, and the flaw could leave this sensitive information exposed to hackers.

QSEE

Keegan Ryan of NCC Group first discovered in March of last year that Qualcomm's implementation of the ECDSA cryptographic signature algorithm could be leveraged to retrieve data processed in the QSEE secure area of its processors. A potential attacker would need root access to a device to exploit this vulnerability. That is not a high bar for cybercriminals, because malware that can gain root access on Android is quite common and can even be found in the Google Play Store.

Ryan explained how he discovered this vulnerability in a recently published paper. He described how he used a tool called Cachegrab to analyze the caches on Qualcomm chips and identify small leaks in the ECDSA data signing process, stating that "we found two locations in the algorithm that contain information about the nonce. Both contain countermeasures against side-channel attacks, but due to the spatial and temporal resolution of our microarchitectural attacks, it is possible to overcome these countermeasures and distinguish some bits of the nonce. These few bits are enough to recover the 256-bit ECDSA keys."

Ryan informed Qualcomm of the vulnerability last year, and the company has released firmware patches as part of Google's April 2019 Android security update. If you are using an Android device with a Qualcomm chip for sensitive business use, it is recommended to update your smartphone with the latest security patch for the Android operating system.

Via ZDNet