Some of the world's most popular smartphones may be at risk of cyber attack after researchers discover new vulnerabilities in Qualcomm chipsets.
Check Point experts have uncovered a set of vulnerabilities that affect Qualcomm hardware that could allow an attacker to steal critical information from Samsung, LG, and Motorola smartphones.
Findings from the cyber security company show that the "safe world" Qualcomm CPUs suffer from a failure that can lead to protected data leakage, device root, boot loader unlocking, and undetectable APTs.
The news of these new failures comes just months later Qualcomm has fixed a vulnerability that would allow an attacker to extract private data and encryption keys stored in the secure world of the chipset.
Check Point did not relieve its findings at the Recon Montreal security conference in June, and the chipmaker issued fixes for all flaws after they were released. Samsung and LG have issued patches to fix their devices while Motorola is still working on a patch.
Qualcomm Trusted Execution Environment
Qualcomm chips contain a secure area within the processor, known as Trusted Execution Environment (TEE), which is used to ensure that the code and data it contains remain confidential and secure. Qualcomm Trusted Execution Environment (QTEE) is based on Arm's TrustZone technology and allows confidential data to be stored so that it cannot be tampered with.
The chipmaker's secure world also provides additional services through trusted third-party components, known as trustlets, which are loaded and run on TEE by the trusted TrustZone operating system. These trustlets serve as a bridge between the "normal world" where the device's main operating system resides, and the TEE, which allows data to move between the two worlds.
However, Check Point conducted a four-month investigation using an automated testing method called fuzzing, in which its researchers managed to run a trustlet in the normal world and carried a modified variant with which they needed to communicate in the secret world. The company used diffusion to drive the trusted implementation of Samsung, Motorola and LG, and in the process discovered several security holes.
These flaws could allow an attacker to run trusted applications in the normal world, load a patched trusted application in the secret world, and even load trustlets from another device.
While TEEs are certainly a new frontier of attack that cybercriminals are likely to try to exploit, there is currently no evidence that the vulnerabilities discovered in Qualcomm chips have been exploited in the wild.
Via Computer Bleeping