Qualcomm patches major chip security flaw

Image Credit: Shutterstock (Image credit: Jejim / Shutterstock)

A new security flaw found in devices such as smartphones and tables using Qualcomm chipsets has the potential to allow an attacker to retrieve private data and encryption keys stored in a secure area of the chipset called the Qualcomm Secure Execution Environment (QSEE).

The chip maker deployed patches for this vulnerability (CVE-2018-11976) earlier this month but the slow pace of Android updates could leave some smartphones and tablets vulnerable for years to come.

Hundreds of millions of Android devices currently use Qualcomm chips and the vulnerability impacts how they handle data processed inside the Trusted Execution Environment (TEE) QSEE.

The QSEE is a hardware-isolated area on the company's chips where app developers and Android itself can send data to be processed safely and securely in such a way that it is secluded from the operating system and any other apps installed on the device. Private encryption keys and passwords are often processed inside the QSEE and the bug could leave this sensitive information exposed to hackers.


NCC Group's Keegan Ryan first discovered that Qualcomm's implementation of the ECDSA cryptographic signing algorithm could be exploited to retrieve data processed inside the QSEE secure area of its processors in March of last year.

A potential attacker would need root access to a device to exploit the vulnerability but this has become easier for cybercriminals to do now that malware that can gain root access on Android devices is quite common and can even be found on the Google Play Store.

Ryan detailed how he discovered this vulnerability in a recently published white paper in which he explained how he used a tool called Cachegrab to analyze the memory caches of Qualcomm's chips to identify small leaks in the ECDSA cyptographic data-signing process, saying:

"We found two locations in the multiplication algorithm which leak information about the nonce. Both of these locations contain countermeasures against side-channel attacks, but due to the spatial and temporal resolution of our microarchitectural attacks, it is possible to overcome these countermeasures and distinguish a few bits of the nonce. These few bits are enough to recover 256-bit ECDSA keys." 

Ryan notified Qualcomm about the security flaw last year and the company has since released firmware patches that were a part of Google's Android April 2019 security update.

If you use an Android device with a Qualcomm chip for sensitive business, it is highly recommend that you update your smartphone with the latest Android OS security patch.

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.