A new report by ZDNet revealed a vulnerability in the Qualcomm chipset that could allow intruders to obtain private data and cryptographic keys stored in a specific area of hardware called Qualcomm's Secure Execution Environment (QSEE). The mainly error-prone chips are used by smartphones and tablet devices.
The publication revealed that Qualcomm released the CVE-2018-11976 security patch earlier this month to resolve the error. However, due to the poor state of Android security updates, many mobile phones and tablets are likely to be vulnerable to attacks in the coming years.
QSEE is an isolated area in Qualcomm chips where developers and the Android operating system send data for processing in a secure environment. This means that no application has the ability to access this confidential data, except for the application that placed the data initially there. Among the data included in QSEE are passwords and special encryption keys.
To carry out the attack, hackers must have routine privileges on the devices; however, this is not an impossible obstacle to overcome given that malware running the current Android system has the ability to get routine powers to the devices.
Ryan successfully tested the attack to take advantage of the vulnerability on the Nexus 5X phone chip from which he obtained a P-526 encryption key from the QSEE area with a backup. The researcher said that the problem was reported to Qualcomm last year, and that the company issued a firmware patch as part of the Android update in April 2019.
QSEE is an isolated area in Qualcomm chips where developers and the Android operating system send data for processing in a secure environment. This means that no application has the ability to access this confidential data, except for the application that placed the data initially there. Among the data included in QSEE are passwords and special encryption keys.
The failure was initially discovered by security researcher NCC Group Keegan Ryan
who disclosed in March 2018 that the implementation of the Qualcomm's ECDSA encryption algorithm enabled the recovery of QSEE data on company chips. This week, Ryan published a report explaining how he discovered this security failure.
To carry out the attack, hackers must have routine privileges on the devices; however, this is not an impossible obstacle to overcome given that malware running the current Android system has the ability to get routine powers to the devices.
Ryan successfully tested the attack to take advantage of the vulnerability on the Nexus 5X phone chip from which he obtained a P-526 encryption key from the QSEE area with a backup. The researcher said that the problem was reported to Qualcomm last year, and that the company issued a firmware patch as part of the Android update in April 2019.
Share this
Related Posts
Google Assistant is now 10 times faster, Google announcedGoogle Assistant is now 10 times faster, Google ad at the Google I / O 2019 conference. T
Prevent ads from appearing in all your devices without programsWe all know the importance of advertising for many sites as well as the services we use o
Four sites to check if links are safe before pressing themIn many cases you may encounter several links that are spread over the Internet or sent t
Lilium Corporation has a $ 90 million financing to develop an electric taxi plane!
Lilium, a German company that begins its am
:)
:(
hihi
:-)
:D
=D
:-d
;(
;-(
@-)
:P
:o
:>)
(o)
:p
:-?
(p)
:-s
(m)
8-)
:-t
:-b
b-(
:-#
=p~
$-)
(y)
(f)
x-)
(k)
(h)
cheer