Vulnerability in Qualcomm chips allowed eavesdropping on the secure part of SoCs
Researchers have discovered a vulnerability in the secure portion of many Qualcomm SoCs. It left many mobile devices exposed for a long time, although the vulnerability was difficult to exploit in practice. A patch is now available.
The vulnerability was discovered by Check Point researchers, who spent more than four months investigating. It lies in the Trusted Execution Environment (TEE), the secure part of the chip where sensitive data is stored. Qualcomm calls that section the Secure World. The TEE is based on TrustZone, a feature of the ARM architecture that Qualcomm SoCs use. Normally, communication between the Secure World TEE and the rest of the mobile device, the Rich Execution Environment, should only take place through a secure handshake, but the Check Point researchers managed to get around that.
The researchers bombarded the chip with large amounts of data, a technique known as fuzzing. So many commands are sent to the chip that potential security holes eventually surface, usually in the form of a buffer overflow or a denial of service. In theory, such a fuzzing attack could be carried out by getting the user to click on a malicious link. In this way, the researchers were able to manipulate the hash verification of a trusted app, or trustlet, and load an untrusted app into the TEE section of the SoC. To achieve this, the researchers also had to use two well-known n-day vulnerabilities: CVE-2015-6639 and CVE-2016-2431. This makes the vulnerability considerably harder to exploit in practice.
The researchers demonstrated the vulnerability as a proof of concept on a Samsung phone and on a Nexus 6 still running Android 7. They also managed to eavesdrop on information from a Moto G4. Check Point has passed its findings on to the manufacturers, who have since released patches, although some of the vulnerabilities needed for the exploit had already been fixed years ago. Qualcomm itself has also responded with a fix: under CVE-2019-10574, the company has released an update that addresses the vulnerability.