SoylentNews

fork(2) [soylentnews.org] writes:

      From the "That's what it's for" department...

      From a post [csoonline.com] on CSO:

Attackers can exploit vulnerabilities in Android devices with Qualcomm chipsets in order to extract the encrypted keys that protect users' data and run brute-force attacks against them.

      The attack was demonstrated last week by security researcher Gal Beniamini and uses two vulnerabilities patched this year in Qualcomm's implementation of the ARM CPU TrustZone.

      The ARM TrustZone is a hardware security module that runs its own kernel and Trusted Execution Environment independent of the main OS. On Qualcomm chips, the Trusted Execution Environment is called QSEE (Qualcomm Secure Execution Environment).

      If you haven't already figured it out..here's the punchline:

Furthermore, because Android manufacturers can digitally sign and flash TrustZone images to any device, they can comply with law enforcement requests to break Android full-disk encryption.

Original Submission