Millions of Android smartphones and tablets using Qualcomm chipsets are vulnerable to new serious attacks.
According to a report published by the cybersecurity firm CheckPoint, the vulnerabilities found in the Qualcomm chipsets, that are used in hundreds of million Android devices, can allow attackers to steal data that is stored in a secure area. The flaw resides in Qualcomm’s Secure Execution Environment (QSEE), and implementation of Trusted Execution Environment (TEE) which is a part of ARM TrustZone technology.
Passwords, private encryption keys, and banking credentials
QSEE is a secure part of the hardware isolated from the rest of the processor to protect the sensitive information for executing Trusted Applications. Shortly, QSEE mostly contains private encryption keys, passwords, and online banking credentials. Researchers claim that attackers can execute trusted apps in Normal World, load patched trusted app into the SQEE, bypass Qualcomm’s Chain of Trust, adapt the trusted app for running on a device of another manufacturer, and more.
Checkpoint also claims: “Security research in TEE implementations is highly difficult due to the large amount of proprietary code. However, as we will see later, a trusted app is a good target for fuzzing-based research. The command handler of a trusted app expects to receive a data blob from the Normal world which will then be parsed and used according to the app’s purpose and the requested command. Each trusted app can support hundreds of possible external commands.” You can read more at Checkpoint’s blog post.