The findings published by the cyber security company Check Point Research are used today in many Android phones, leaked protected data, “bootloader” to open, undetectable APTs (Advanced Permanent Threat) that can lead to the emergence of vulnerable Qualcomm CPUs “security world” laid out.
The findings were published at Checkpoint in Montreal, REcon, a computer security conference focusing on reverse engineering and advanced abuse techniques, held in early June of this year.
Once these issues were discovered, Qualcomm had corrected all the vulnerabilities. South Korean smartphone manufacturers Samsung and LG, the device has sent patches to the US Motorola said they are working on the fix.
This was discovered in the months after Qualcomm patched the vulnerabilities, allowing malicious people to retrieve the password keys and confidential data stored in the chipset’s security world.
Qualcomm’s chips come with a secure area inside the processor called the Trusted Regulatory Environment (TEE), which secures the secrecy and security of codes and data. Based on Qualcomm’s reliable regulatory environment (QTEE) and ARM TrustZone technology, this hardware isolation ensures that many sensitive data can be stored without any risk.
Moreover, this secure world provides additional services in the form of trusted third-party components. These are installed and executed in TEE by the operating system called “trusted OS Trust in TrustZone.
Trustlets serve as a bridge between the “normal” world and TEE, the rich regulatory environment where the device’s main operating system is located, and facilitate data movement between the two worlds. Check Point researcher Slava Makkaveev explained to The Next Web the importance of the Trusted World:
“Reliable World; your passwords, credit card information for mobile payments, encryption keys and much more. Trusted Environment is the last line of defense. If a hacker infiltrates the ‘trusted OS’, nothing can prevent your sensitive data from being stolen. ”
Qualcomm says it is impossible to access data stored in QTEE without accessing the device’s hardware key or leaving it intentionally unprotected. However, this four-month survey says the opposite and proves that TEE is not as insurmountable as previously thought.
Check Point researchers use a technique they call the blur. This technique includes an automated trial method and provides random data as input that will cause the computer program to crash. So you can identify programming errors that can be exploited in order to increase security measures around the back and unexpected behavior.
The blur targeted Samsung, Motorola and LG’s trustlet applications. In particular, the codes responsible for verifying the integrity of trustlets were targeted. Thus, many gaps in the process were revealed.
Researchers said security weaknesses could help attackers execute reliable applications in the normal world. Attackers can install trusted applications patched into the secure world and even install trustlets from different devices.
Although TEE’s presentation opens a new line of attack, there is no evidence that these vulnerabilities have been exploited. However, Makkaveev says TEE may be a target for potential attacks. Akk Any attack on TrustZone provides a way to gain access to protected data and gain privileges on mobile devices, M Makkaveev said.