A newly discovered Qualcomm chip vulnerability threatens the security of Android smartphones. Exploiting this flaw could allow an attacker to extract private keys and passwords from the Qualcomm secure keystore.
Qualcomm Chip Vulnerability Discovered
Researchers from NCC Group have recently found a Qualcomm chip vulnerability threatening Android phones. They have shared the details about their findings in a separate report on their site. They shared the technical aspects of their discovery in their research paper.
Specifically they found a side-channel attack that could allow an attacker to extract data from the Qualcomm secure keystore. This hardware-backed keystore is a feature on most modern Android phones which allows developers to protect their cryptographic keys.
According to their research, the problem lies at the “Elliptic curve point multiplication in Qualcomm’s QSEE code.” Ideally, the Qualcomm’ ECDSA implementation (a NIST-standardized digital signature algorithm) should not leak the stored sensitive data. However, the researchers demonstrated a side-channel attack on the Qualcomm’s TEE (Trusted Execution Environment) via Cachegrab (an open-source attack tool) that revealed the data. They demonstrated a successful extraction of 256-bit private key of the Nexus 5X.
Qualcomm Patched The Flaw
As stated in their blog post, the researchers contacted Qualcomm and informed them of the flaw in March 2018. Qualcomm then began working on a fix, and rolled-out a patch for the customers in October 2018. They have considered it a critical security flaw, assigning it CVE-2018-11976.
After discussion with the vendor, the researchers shared the report publicly in April 2019 with some recommendations for the developers.
“Android developers who use the keystore in their applications can also take advantage of the user authentication requirements and key attestation offered by the keystore. These defense-in-depth mitigations increase the complexity of compromising keystore keys, making difficult-to-perform side-channel attacks even more challenging to pull off.”
Take your time to comment on this article.
Latest posts by Abeerah Hashim (see all)
- HackerOne Awarded $3500 In Bounties For Two Vulnerabilities Affecting The Platform - November 11, 2019
- DHS Alerts About Multiple Vulnerabilities In Medtronic Valleylab Equipment - November 11, 2019
- Apple Mail On MacOS Stores Parts Of Encrypted Emails In Unencrypted Form - November 11, 2019