Security vulnerabilities in Qualcomm allow attackers to steal private data from hundreds of millions of devices, especially Android smartphones.
Security experts from Check Point have discovered security flaws in Qualcomm that could be exploited by attackers to steal private data from the so-called TrustZone.
The TrustZone is a security extension integrated by ARM into the Cortex-A processor that aims at creating an isolated virtual secure environment that can be used by the main operating system running on the applications’ CPU.
The ARM TrustZone is part of all modern mobile devices. The most popular commercial implementations of the Trusted Execution Environment (TEE) for mobile devices running on top of ARM hardware are:
Qualcomm’s Secure Execution Environment (QSEE), used on Pixel, LG, Xiaomi, Sony, HTC, OnePlus, Samsung and many other devices.
Trustonic’s Kinibi, used on Samsung devices for the Europe and Asia markets.
HiSilicon’s Trusted Core, used on most Huawei devices.
The flaws affect the first of the above implementations, Qualcomm’s Secure Execution Environment (QSEE).
The QSEE is a sort of hardware enclave that protects sensitive information (e.g. private encryption keys, passwords, payment card credentials) and offers a separate secure environment for executing Trusted Applications.
“TEE code is highly critical to bugs because it protects the safety of critical data and has high execution permissions. A vulnerability in a component of TEE may lead to leakage of protected data, device rooting, bootloader unlocking, execution of undetectable APT, and more.” reads the analysis published by Check Point. “Therefore, a Normal world OS restricts access to TEE components to a minimal set of processes. Examples of privileged OS components are DRM service, media service, and keystore. However, this does not reduce researchers’ attention to the TrustZone.”
The experts reverse-engineered Qualcomm’s Secure World operating system and used a custom-made fuzzing tool to find the vulnerabilities.
“We can now execute a trusted app in the Normal world. We found a way to load a patched version of signed trustlet in the Secure world and adapted the CPU emulator to communicate with it. In other words, we emulated a trustlet’s command handler on the Android OS. All that’s left to do is to repeatedly call the command handler with different inputs generated on the basis of code coverage metrics. The QEMU emulator can be used to produce such metrics.” reads the analysis. “The prepared fuzzer easily found that the prov trustlet can be crashed by the following packet.”
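The coverage-guided loop the quote describes, as an added example that is not Check Point's fuzzer or code from the analysis. `handle_command` is a constructed stand-in for a trustlet command handler (its packet layout and length bug are invented for illustration), and coverage is recorded by hand instead of by QEMU.

```python
"""Added illustration: coverage-guided fuzzing of a constructed command handler."""

class Crash(Exception):
    """Stands in for a memory-safety fault in the emulated handler."""

def handle_command(packet: bytes, cov: set) -> None:
    # Hypothetical handler; the layout (cmd, subcmd, length, payload) is invented.
    cov.add("entry")
    if len(packet) < 4:
        return
    cov.add("len_ok")
    if packet[0] != 0x50:          # command id
        return
    cov.add("cmd")
    if packet[1] != 0x01:          # sub-command
        return
    cov.add("subcmd")
    declared = packet[2]           # caller-controlled payload length
    if declared > len(packet) - 3:
        return
    cov.add("size_ok")
    buf = bytearray(16)
    # Bug: the length was checked against the packet, never against buf.
    if declared > len(buf):
        raise Crash(f"copy of {declared} bytes into {len(buf)}-byte buffer")
    buf[:declared] = packet[3:3 + declared]
    cov.add("copied")

def fuzz(seed: bytes):
    """Return (crashing_packet, executions), or (None, executions)."""
    seen, corpus, execs = set(), [seed], 0
    handle_command(seed, seen)     # baseline coverage of the seed
    for base in corpus:            # corpus grows while we iterate over it
        for pos in range(len(base)):
            for val in range(256):
                cand = base[:pos] + bytes([val]) + base[pos + 1:]
                cov, execs = set(), execs + 1
                try:
                    handle_command(cand, cov)
                except Crash:
                    return cand, execs
                if not cov <= seen:    # new branch reached: keep as a seed
                    seen |= cov
                    corpus.append(cand)
    return None, execs

if __name__ == "__main__":
    packet, execs = fuzz(bytes(32))
    print(packet[:4].hex(), execs)
```

Because every input that reaches a new branch is kept as a seed, the three header bytes are solved one at a time instead of all at once, which is why the crash appears after thousands of executions and not millions.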
The experts used the fuzzing tool to test trusted code on Samsung, LG and Motorola devices, and found the following vulnerabilities in the implementations of Samsung, Motorola, and LG:
dxhdcp2 (LVE-SMP-190005)
sec_store (SVE-2019-13952)
authnr (SVE-2019-13949)
esecomm (SVE-2019-13950)
kmota (CVE-2019-10574)
tzpr25 (acknowledged by Samsung)
prov (Motorola is working on a fix)
The flaws could also be exploited by an attacker to:
execute trusted apps in the Normal World (Android OS),
load a patched trusted app into the Secure World (QSEE),
bypass Qualcomm’s Chain of Trust,
adapt the trusted app for running on a device of another manufacturer.
Check Point reported the vulnerability (CVE-2019-10574) to Qualcomm in June; the flaw was addressed only a day before the publication of the research.
The security firm also disclosed its findings to all affected vendors; some of them, including LG, Samsung, and Qualcomm, have already released a patch to address them.