Qualcomm security flaw puts Samsung and LG phones at risk

Security researchers from Check Point have disclosed a set of vulnerabilities which affect Qualcomm chipsets that could potentially allow an attacker to steal critical information from Samsung, LG and Motorola smartphones.

The cybersecurity firm's findings show that the 'secure world' found in Qualcomm's CPUs suffer from a flaw that could lead to protected data being leaked, devices rooting, bootloader unlocking and the execution of undetectable APTs.

Check Point first unrelieved its findings at the Recon Montreal security conference back in June and the chipmaker has since issued fixes for all of the flaws after they were disclosed. Samsung and LG have both issued patches to fix their devices while Motorola is still working on a patch.

The news of these new flaws comes only months after Qualcomm patched a vulnerability that would allow an attacker to extract private data and encryption keys stored in the chipset's secure world.

Qualcomm Trusted Execution Environment

Qualcomm's chips contain a secure area inside the processor known as a Trusted Execution Environment (TEE) which is used to ensure that the code and data they contain remains confidential and secure. The Qualcomm Trusted Execution Environment (QTEE) is based on TrustZone technology from Arm and it allows for sensitive data to be stored in such a way that it can't be tampered with.

The chipmaker's secure world also provides additional services through trusted third-party components, known as trustlets, which are loaded and executed in the TEE by the trusted OS within TrustZone. These trustlets serve as a bridge between the “normal world” where the device's main operating system resides and the TEE which allows data to move between the two worlds.

However, Check Point conducted a four month long investigation using an automated testing method called fuzzing in which its researchers managed to execute a trustlet in the normal world and loaded a modified variant they needed to communicate with in the secret world. The firm used fuzzing to target Samsung, Motorola and LG's trustlet implementation and during the process it uncovered multiple security flaws.

These flaws could allow an attacker to execute trusted apps in the normal world, load a patched trusted app into the secret world and even load trustlets from another device.

While TEEs are certainly a new attack frontier that cybercriminals will likely look to exploit, at this time there is no evidence that the vulnerabilities discovered in Qualcomm's chips have been exploited in the wild.

Via Bleeping Computer

Read more at TechRadar