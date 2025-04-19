Stories
Security Flaw Lets Attackers Recover Private Keys From Qualcomm Chips

posted by Fnord666 on Friday April 26, @10:24AM   Printer-friendly
from the someone-left-their-nonce-outside dept.
Security

upstart writes:

Submitted via IRC for Antidisestablishment

Security flaw lets attackers recover private keys from Qualcomm chips

Devices using Qualcomm chipsets, and especially smartphones and tablets, are vulnerable to a new security bug that can let attackers retrieve private data and encryption keys that are stored in a secure area of the chipset known as the Qualcomm Secure Execution Environment (QSEE).

Qualcomm has deployed patches for this bug (CVE-2018-11976) earlier this month; however, knowing the sad state of Android OS updates, this will most likely leave many smartphones and tablets vulnerable for years to come.

The vulnerability impacts how the Qualcomm chips (used in hundreds of millions of Android devices) handles data processed inside the QSEE.

The QSEE is a Trusted Execution Environment (TEE), similar to Intel's SGX.

It's a hardware-isolated area on Qualcomm chips where the Android OS and app developers can send data to be processed in a safe and secure environment, where the Android OS and no other app can reach and access the sensitive data, except the application that placed the data there, in the first place.

Data processed inside the QSEE usually includes private encryption keys and passwords, but the QSEE can handle anything an app wants to hide from prying eyes.

In March last year, Keegan Ryan, a security researcher with the NCC Group, discovered that Qualcomm's implementation of the ECDSA cryptographic signing algorithm allowed for the retrieval of data processed inside the QSEE secure area of Qualcomm processors.

Further, Ryan also points out that the QSEE was designed to prevent situations where attackers had full control over the device, meaning that the QSEE was failing at the primary function it was designed for.

"This should not be possible, since the hardware-backed keystore is supposed to prevent any sort of key extraction, even against an attacker who has fully compromised the Android OS," Ryan said.

Original Submission


  • (Score: 2) by c0lo on Friday April 26, @10:49AM

    by c0lo (156) on Friday April 26, @10:49AM (#835054)

    "This should not be possible, since the hardware-backed keystore is supposed to prevent any sort of key extraction, even against an attacker who has fully compromised the Android OS," Ryan said.

    Over 50 years of serious computing and they still didn't get their heads around write-only-memory.
    As fast as it may be, /dev/null is still an emulator.

  • (Score: 0) by Anonymous Coward on Friday April 26, @11:15AM

    by Anonymous Coward on Friday April 26, @11:15AM (#835057)

    It's a hardware-isolated area on Qualcomm chips where the Android OS and app developers can send data to be processed in a safe and secure environment, where the Android OS and no other app can reach and access the sensitive data, except the application that placed the data there, in the first place.

    "This should not be possible, since the hardware-backed keystore is supposed to prevent any sort of key extraction, even against an attacker who has fully compromised the Android OS," Ryan said.

    I'm ignorant of the implementation and the interface, so this might be stupid question, but can someone explain how that is possible? If an app on a fully compromised system has access to the memory and I manipulate the process that owns the memory how does it prevent access?

