Qualcomm chips vulnerability puts Android devices at risk

Cyber forensics course specialists have reported a security vulnerability in several chips developed by Qualcomm. According to the specialists, these flaws could serve as an entry point for deploying login-theft malware on Android devices.

The problem resides in the Qualcomm Secure Execution Environment (QSEE), a technology designed to store cryptographic keys securely on the device: the chip includes a special area that is isolated from the main processor, so keys kept there are not meant to be reachable from the normal operating system.

“Even if an Android device were compromised, this isolated environment should remain invulnerable”, a cyber forensics course specialist said. In practice, however, that guarantee does not hold: it has been reported that the system can be manipulated into leaking the stored keys.

A report on the vulnerability was recently published. In it, the researchers describe how the processor cache of a Qualcomm chip can be analyzed, as a side channel, to collect information about the keys stored on the device; they managed to extract an ECDSA key from a Nexus 5X smartphone after collecting cache samples over more than half a day.

A threat actor could exploit this vulnerability to defeat the method mobile applications use to verify logins, cyber forensics course specialists noted.

“In most cases, after we enter a password, the application generates a set of cryptographic keys that will serve to verify that future logons come from the same device. If an attacker exploits the vulnerability to steal that set of keys, they could impersonate the legitimate user’s device, regardless of their location or the device used for the attack.”

Experts from the International Institute of Cyber Security (IICS) comment that attackers do not need physical access to the device or its Qualcomm chip; they do, however, need root access on the compromised device, which can be obtained by injecting malware into the operating system.

The vulnerability has been assigned CVE-2018-11976, and Qualcomm states that the patch correcting it is ready for release.