The findings were published at Checkpoint in REcon Montreal, a computer security conference focusing on reverse engineering and advanced abuse techniques, held in early June of this year.
After these problems were discovered, Qualcomm had corrected all the vulnerabilities. South Korean smartphone manufacturers Samsung and LG, the device has sent patches to the US Motorola said they are working on the correction.
This was discovered in the months after Qualcomm patched the vulnerabilities, allowing malicious people to retrieve the password keys and confidential data stored in the chipset’s security world.
Qualcomm’s chips come with a secure area inside the processor called the Trusted Regulatory Environment (TEE), which secures the privacy of codes and data. Based on Qualcomm’s reliable regulatory environment (QTEE) and ARM TrustZone technology, this hardware isolation ensures that many sensitive data can be stored without any risk.
Moreover, this secure world provides additional services in the form of trusted third-party components. These are installed and executed in TEE by the operating system called ÔÇťtrusted OS Trust in TrustZone.
Trustlets serve as a bridge between the ÔÇťnormalÔÇŁ world and TEE, the rich regulatory environment where the device’s main operating system is located, and facilitate data movement between the two worlds. Check Point researcher Slava Makkaveev explained to The Next Web the importance of Trusted World:
ÔÇťReliable World; your passwords, credit card information for mobile payments, encryption keys and much more. Trusted Environment is the last line of defense. If a hacker infiltrates ÔÇśtrusted OS, nothing can prevent your sensitive data from being stolen.ÔÇŁ
Qualcomm says it is impossible to access data stored in QTEE without accessing the device’s hardware key or intentionally leaving it unprotected. However, this four-month survey says the opposite and proves that TEE is not as insurmountable as previously thought.
Check Point researchers use a technique they call the cloud. This technique includes an automated trial method and provides random data as input that will cause the computer program to crash. This way, it can identify exploiting programming errors and unexpected behavior to circumvent security measures.
The blur targeted Samsung, Motorola and LG’s trustlet applications. In particular, the code responsible for verifying the integrity of trustlets was targeted. Thus, many gaps in the process were revealed.
Researchers said security weaknesses can help attackers execute reliable applications in the normal world. Attackers can install trusted applications patched into the secure world, and even install trustlets from different devices.
Although TEE’s presentation opens a new line of attack, there is no evidence that these vulnerabilities have been exploited. But Makkaveev says TEE may be a target for potential attacks. “Any attack on TrustZone provides access to protected data and a privilege on mobile devices,” Makkaveev said.
Electrons Accelerated Up to 99.9999999985 Of Light Speed