The well-established code security audit firm NCC Group has announced that 40 Qualcomm chips carry a side-channel vulnerability. The flaw reportedly allows an attacker to steal confidential information stored on the chip, putting at risk the billions of Android devices that use the affected chips.
According to a few online sources, the vulnerability is tracked as CVE-2018-11976. NCC Group discovered it in March last year and notified Qualcomm promptly.
Keegan Ryan, a senior security consultant at NCC Group, said the vulnerability allows attackers to recover 224-bit and 256-bit ECDSA (Elliptic Curve Digital Signature Algorithm) private keys held inside QSEE (Qualcomm Secure Execution Environment).
QSEE is built on ARM TrustZone, which is tightly integrated with Cortex-A processors and extends across the system via the AMBA AXI bus and dedicated TrustZone system IP blocks.
This system-wide approach means that peripherals such as secure memory, cryptographic blocks, keyboards and screens can be protected from software attacks.
Devices built on TrustZone technology in line with the TrustZone Ready Program normally provide a platform that supports a full Trusted Execution Environment (TEE) together with security-aware applications and security services.
However, Ryan points out that ECDSA signing relies on a multiplication loop over a secret random value (the nonce). Once an attacker recovers that random value, the full private key can be reconstructed with existing techniques.
In fact, Ryan showed that two locations in the code leak a few bits of these random values, defeated the side-channel countermeasures protecting those two locations, and successfully recovered a 256-bit private key stored on a Nexus 5X phone.
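The leak class Ryan describes, as an added example that is not from NCC Group's research or Qualcomm's code: a naive double-and-add loop whose operation count follows the nonce's bits, next to a Montgomery ladder whose cost is independent of the scalar. The P-256 parameters are the public FIPS 186-4 values; the operation counters stand in for what a timing or cache side channel would observe.

```python
# Added illustration (not NCC Group's or Qualcomm's code) of the leak class behind
# CVE-2018-11976: a scalar-multiplication loop whose work depends on the bits of the
# secret ECDSA nonce, beside a Montgomery ladder doing identical work for every scalar.
# Pure-Python affine arithmetic on NIST P-256 (FIPS 186-4); for teaching, not production.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity

def add(p1, p2):
    """Affine point addition; also covers doubling, P + (-P) and infinity."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def naive_mul(k, pt):
    """Left-to-right double-and-add. Returns (k*pt, number of point additions).
    The count equals the number of 1-bits in k, so a timing or cache trace of
    this loop leaks nonce bits: the class of leak the article describes."""
    acc, adds = INF, 0
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc, adds = add(acc, pt), adds + 1
    return acc, adds

def ladder_mul(k, pt, bits=256):
    """Montgomery ladder. Returns (k*pt, number of group operations): one add and
    one double per bit, so 2*bits for every k. A production version must also
    pick the register to double without a secret-dependent branch (conditional
    swap), which this sketch omits."""
    r0, r1, ops = INF, pt, 0
    for i in range(bits - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r1, r0 = add(r0, r1), add(r0, r0)
        ops += 2
    return r0, ops
```

Two scalars of the same bit length give the naive loop different addition counts (2 versus 9 for the scalars in the test), while the ladder always costs 512 operations; the check that N*G is the point at infinity confirms the curve constants.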
Qualcomm's security bulletin lists CVE-2018-11976 as a major vulnerability that may affect 40 Qualcomm chips, found in billions of Android phones and other products.
Qualcomm reportedly shipped an official fix for the flaw around April of this year. Phew, that's a breather!
But we can't help wondering how much precious data might have been exposed if malicious actors had exploited this flaw! So what do you think about this situation? Let us know in the comments section below!