Experts found a vulnerability in Qualcomm processors that endangers all Android device owners

A vulnerability in Qualcomm processors allows intruders to extract encryption keys and other important data from the Trusted Execution Environment, write researchers from NCC Group.

A Trusted Execution Environment (TEE) is a protected area of the central processor for executing code and storing data with the highest level of security. Researchers have tested TEEs before, but only to a relatively small extent.

In March 2019 Keegan Ryan, a security researcher from NCC Group, decided to test the implementation of ECDSA signatures in a certain version of the Qualcomm Secure Execution Environment (QSEE) and ultimately discovered a series of dangerous vulnerabilities that are grouped under the single identifier CVE-2018-11976.

Using the Cachegrab tool, he managed to perform several attacks on the memory cache simultaneously, extract cryptographic data, and fully recover a 256-bit private encryption key from Qualcomm's hardware key storage.

Keegan Ryan, NCC Group

“We found two locations in the multiplication algorithm which leak information about the nonce. Both of these locations contain countermeasures against side-channel attacks, but due to the spatial and temporal resolution of our microarchitectural attacks, it is possible to overcome these countermeasures and distinguish a few bits of the nonce. These few bits are enough to recover 256-bit ECDSA keys,” – Ryan said.

The researcher reproduced his results in an experiment on a Nexus 5X running Android, but Qualcomm confirmed that the vulnerability affects more than 30 other processors (the full list can be found here). In conclusion, the issue touches a broad spectrum of smartphones and tablets, and almost every Android-powered device has a chance of being exposed to the vulnerability.

The researchers reported the vulnerability to Qualcomm in March 2018; since then the company has released firmware updates for all affected processors and notified device manufacturers. Google fixed the vulnerability in its devices this month with the release of the April Android updates.

The good news is that to exploit CVE-2018-11976 an attacker must first obtain superuser rights on the device. The bad news is that this can be done with already existing and fairly widespread malware that can be found even on the Google Play Market.

Source: https://www.zdnet.com/

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
