Qualcomm Chips' Vulnerabilities Let Hackers Steal Sensitive Data From Samsung, LG, and Motorola Phones
Aadhya Khatri - Nov 19, 2019
Qualcomm CPUs, on which most Android smartphones run, have a vulnerability that may allow bad actors to steal users' most sensitive data
Experts have found a flaw in chips manufactured by Qualcomm that may allow attackers to steal vital information.
The report revealed that Qualcomm CPUs, on which most Android smartphones run, have a vulnerability that may result in the execution of Advanced Persistent Threats, bootloader unlocking, and device rooting.
The finding was announced at Recon Montreal, a computer security conference that focuses on advanced exploitation and reverse engineering techniques.
After this revelation, Qualcomm fixed all the known vulnerabilities. LG and Samsung have also issued patches, and Motorola is reportedly working on a fix.
According to Qualcomm, all of the flaws have been fixed, one of them back in November 2014, and another in October this year. While the company has received no reports of ongoing exploitation, it still encourages users to download updates with patches provided by OEMs. It also emphasizes that one of Qualcomm’s priorities is to offer technologies to support privacy and security.
A few months ago, Qualcomm also patched a flaw that let hackers steal encryption keys and private data from the secure world of the chipset.
Qualcomm’s chips always come equipped with a TEE (short for Trusted Execution Environment), a secure area that ensures the integrity and confidentiality of certain data and code.
Qualcomm Trusted Execution Environment is built on ARM TrustZone technology, which works to protect vital data from being compromised.
The secure world also offers extra services like trustlets, another word for trusted third-party components. These trustlets serve as a bridge connecting the normal world, where Android runs, and the Trusted Execution Environment, enabling data to be transferred between the two worlds.
The Trusted World is where sensitive data is stored, such as storage encryption keys and credit card information. It is also the last line of defense standing between your data and bad actors. If it is compromised, there is nothing stopping hackers from laying their hands on your most precious data.
Qualcomm said that if hackers did not have the hardware keys of the device, they could not steal what QTEE stored in its trusted world. The only other possibility is that the data is exposed on purpose.
However, research lasting four months has proven the contrary. In reality, the TEE can be penetrated, unlike what Qualcomm announced.
To prove this, the researchers behind the finding made use of fuzzing, a method that automatically feeds the machine random data to overload and crash it. The crashes then expose any potential flaws and errors that might allow breaches.
In this case, the fuzzing targeted Samsung’s, LG’s, and Motorola’s implementations of trustlets, or in other words, the code in charge of confirming the trustlets’ integrity, and revealed several vulnerabilities along the way.
These flaws can let hackers load patched trusted apps into the secure world, run trusted apps outside of the TEE, and more.
These attacks targeting TEEs have shown what hackers can do to steal users’ data. For now, there is no evidence of these flaws being used in real life. That does not mean we should let our guard down, as TEEs are so promising a target that hackers cannot afford to ignore them.
Any successful attack on the TrustZone may allow bad actors to gain access to the most sensitive data stored on a smartphone or tablet, which can have a devastating effect on users’ lives.