Qualcomm TEE Bug In Many Android Phones Can Expose Critical Data

Qualcomm CPUs empower most Android phones today. Recently a Qualcomm TEE bug has made these phones vulnerable to cyber attack. The bug exposes critical device data.

Qualcomm Bug In Android Phones

A Check Point Researcher has recently shared its findings regarding a serious security issue troubling numerous Android phones. As elaborated in a report, the researchers found a vulnerability in the Qualcomm TEE implementation in Android devices. The vulnerability, when exploited, can leak sensitive device information to an attacker.

In brief, the bug exists in how Qualcomm implements the Trusted Execution Environment (TEE) based on ARM TrustZone. This secure implementation, as a standard, encloses sensitive device data in a ‘secure world’ by disallowing most apps. According to the researchers,

A vulnerability in a component of TEE may lead to leakage of protected data, device rooting, bootloader unlocking, execution of undetectable APT, and more.

The security extension only allows some specific trusted apps to access this data. However, due to a flaw, an attacker can gain access to all this information by trusted app-fuzzing.

The researchers highlighted two main components of TEE code, targeting which can lead to exploits. These include Security Monitor Call (SMC) handlers that load trusted apps and redirect commands from Normal world to trusted apps, and Trusted apps’ command handlers that load data blob from the Normal world.

More technical details about the vulnerability are available in their report.

Patched Already Delivered To OEMs

Check Point found this vulnerability (CVE-2019-10574) in June. They could find vulnerabilities affecting Samsung, Motorola, and LG devices. Though, they immediately informed Qualcomm of the flaws. However, it took months for the vendors to confirm a fix.

Right when this report surfaced online, Qualcomm confirmed that they have already fixed the vulnerabilities. In a statement to BleepingComputer, a Qualcomm spokesperson told,

Providing technologies that support robust security and privacy is a priority for Qualcomm. The vulnerabilities publicized by Check Point have been patched, one in early October 2019 and the other in November 2014. We have seen no reports of active exploitation, though we encourage end users to update their devices with patches available from OEMs.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients