Vulnerability in Qualcomm's Secure Execution Environment could allow hackers to steal sensitive data from Android devices
QSEE is an implementation of Trusted Execution Environment based on ARM TrustZone technology
Researchers at cyber security firm Check Point have discovered a vulnerability in Qualcomm chipset, which could allow attackers to have unauthorised access to sensitive data.
The vulnerability (CVE-2019-10574) exists in Qualcomm's Secure Execution Environment (QSEE), an implementation of Trusted Execution Environment (TEE) based on ARM TrustZone technology.
QSEE, more commonly known as Qualcomm Secure World, is a secured area present on the main processor. The purpose of creating this hardware-protected space is to secure sensitive information, such as passwords, payment card credentials and encryption keys, from unauthorised access.
ARM TrustZone has now become an integral part of all modern mobile devices. These devices come with specialised, trusted components that handle movement from device's Rich Execution Environment (REE) to TEE. In this way, the hardware-based security capabilities of the TEE can be prevented from being compromised by software or apps outside the trusted zone.
TEE executes at the same time as the Android OS and runs only trusted code shielded from user-installed apps.
Qualcomm's Secure Execution Environment is now used on LG, Pixel, Samsung, Xiaomi, HTC, Sony, OnePlus, and many other devices.
In the current study, researchers tested trusted Qualcomm code on LG, Motorola and Samsung smartphones using a custom-made fuzzing tool. In fuzzing technique, a system is hit with large amounts of random data in the hopes of crashing it and revealing coding errors in the system. Those errors may then be used to dodge security protections.
According to researchers, they found vulnerabilities in all the devices tested using fuzzing tool, proving that "programmers from the best vendors as well as Qualcomm" had made mistakes in their code.
Researchers found that the vulnerability in the secure components of Qualcomm could allow an attacker to:
- run trusted apps in the Normal World (Android OS)
- load patched trusted app into the Secure World
- circumvent Qualcomm's Chain Of Trust, and much more
The issue was disclosed to Qualcomm in June 2019 so that it could release a patch for it.
According to Qualcomm, the issue has now been fixed, and users must apply the latest updates to secure their devices from attacks.