Security vulnerabilities in Qualcomm allow attackers to steal private data from hundreds of million millions of devices, especially Android smartphones.
Security experts from Check Point have discovered security flaws in Qualcomm that could be exploited attackers to steal private data from the so-called TrustZone.
The TrustZone is a security extension integrated by ARM into the Corex-A processor that aims at creating an isolated virtual secure environment that can be used by the main operating system running on the applications’ CPU.
The ARM TrustZone is part of all modern mobile devices, the most popular commercial implementations of the Trusted Execution Environment (TEE) for mobile devices running on top of ARM hardware:
- Qualcomm’s Secure Execution Environment (QSEE), used on Pixel, LG, Xiaomi, Sony, HTC, OnePlus, Samsung and many other devices.
- Trustronic’s Kinibi, used on Samsung devices for the Europe and Asia markets.
- HiSilicon’s Trusted Core, used on most Huawei devices.
The flaws affect the first of the above implementations, the Qualcomm’s Secure Execution Environment (QSEE).
The QSEE is a sort of hardware enclave that protects sensitive information (i.e. private encryption keys, passwords, payment card credentials) and offers a separate secure environment for executing Trusted Applications.
“TEE code is highly critical to bugs because it protects the safety of critical data and has high execution permissions. A vulnerability in a component of TEE may lead to leakage of protected data, device rooting,
The experts reversed the Qualcomm’s Secure World operating system used a custom-made
“We can now execute a trusted app in the Normal


The experts used the
- dxhdcp2 (LVE-SMP-190005)
- sec_store (SVE-2019-13952)
- authnr (SVE-2019-13949)
- esecomm (SVE-2019-13950)
- kmota (CVE-2019-10574)
- tzpr25 (acknowledged by Samsung)
- prov (Motorola is working on a fix)
The flaws could be also exploited by an attacker to:
execute trusted apps in the Normal World (Android OS),load patched trusted appinto the Secure World (QSEE),bypass the Qualcomm’s Chain Of Trust,- adapt the trusted app for running on a device of another manufacturer.
Check Point reported the vulnerability (CVE-2019-10574)
The security firm also disclosed its findings to all affected vendors, some of them, including LG, Samsung, and Qualcomm, have already released a patch to address them.
|
(