Security flaw lets attackers recover private keys from Qualcomm chips

guest · Apr 24, 2019

Security flaw lets attackers recover private keys from Qualcomm chips
Firmware patches have been released earlier this month, 46 Qualcomm chipsets impacted
April 24, 2019
https://www.zdnet.com/article/security-flaw-lets-attackers-recover-private-keys-from-qualcomm-chips/

Devices using Qualcomm chipsets, and especially smartphones and tablets, are vulnerable to a new security bug that can let attackers retrieve private data and encryption keys that are stored in a secure area of the chipset known as the Qualcomm Secure Execution Environment (QSEE).
WHAT IS THE QSEE?
The vulnerability impacts how the Qualcomm chips (used in hundreds of millions of Android devices) handles data processed inside the QSEE.

To exploit this vulnerability, an attacker would need root access on a device, but this isn't actually such a big hurdle as it sounds because malware that can gain root access on Android devices is quite common these days [...]
Further, Ryan also points out that the QSEE was designed to prevent situations where attackers had full control over the device, meaning that the QSEE was failing at the primary function it was designed for.
Click to expand...

VULNERABILITY PATCHED
The vulnerability has the potential to undermine the security of all Android and IoT devices where a QSEE component is used to secure sensitive information.

Ryan said he notified Qualcomm about this severe flaw last year, and that the company released firmware patches earlier this month, which have been included with Google's Android April 2019 security update.
[...] Qualcomm security advisory [...]
Click to expand...

Log in or Sign up

Security flaw lets attackers recover private keys from Qualcomm chips

guest Guest

Log in or Sign up

Security flaw lets attackers recover private keys from Qualcomm chips

guest Guest

Useful Searches