Qualcomm chips vulnerability puts Android devices at risk

Cyber forensics course specialists reported finding a security vulnerability in several chips developed by Qualcomm. According to the specialists, these flaws could be the entry point for deploying login theft malware on Android devices.

The problem resides in the Qualcomm Secure
Execution Environment (QSEE), a technology designed to store cryptographic keys
on the device securely; it does so in a special area of the chip that is isolated
from the main processor.

“Even if an Android
device were compromised, this isolated environment should remain invulnerable”,
a cyber forensics course specialist mentioned. In practice, however, this does
not seem to hold; it is even reported that the system can be
manipulated to leak the stored keys.

A report on the vulnerability was recently
published. In the document, experts describe how it is possible to analyze the
cache of a Qualcomm chip to collect information about the keys stored on the
device; researchers managed to extract an ECDSA key from a Nexus 5X smartphone
after collecting cache samples for more than half a day.

A threat actor could exploit this vulnerability
to abuse the method mobile applications use to verify logins, the cyber
forensics course specialists mentioned.

“In most cases, after we enter a password,
the application generates a set of cryptographic keys that will serve to verify
that future logons are generated from the same device. If an attacker exploits
the vulnerability to steal that set of keys, they could impersonate the
legitimate user’s device, regardless of its location or the device used for the
attack”.
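The login check described in the quote above, sketched as an added example (not code from the report, from Qualcomm or from any application): the server enrolls a public key, sends a fresh challenge and verifies an ECDSA signature over it. The P-256 curve, SHA-256, the 32-byte challenge and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

func check(err error) { // abort the demo on an unexpected library error
	if err != nil {
		panic(err)
	}
}

// sign is the client side: the private key plus the challenge is all it needs.
func sign(key *ecdsa.PrivateKey, challenge []byte) []byte {
	h := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	check(err)
	return sig
}

// verify is the server side: it knows only the public key enrolled at first login.
func verify(enrolled *ecdsa.PublicKey, challenge, sig []byte) bool {
	h := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(enrolled, h[:], sig)
}

// Demo reports: enrolled device accepted? replayed signature? second holder of the key?
func Demo() (bool, bool, bool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed sample key
	check(err)
	nonce := make([]byte, 64) // two fresh 32-byte challenges, one per login attempt
	_, err = rand.Read(nonce)
	check(err)
	c1, c2 := nonce[:32], nonce[32:]
	sig1 := sign(key, c1)
	device := verify(&key.PublicKey, c1, sig1)
	replay := verify(&key.PublicKey, c2, sig1) // old signature, new challenge
	der, err := x509.MarshalECPrivateKey(key)  // the key as bytes outside the device
	check(err)
	elsewhere, err := x509.ParseECPrivateKey(der)
	check(err)
	return device, replay, verify(&key.PublicKey, c2, sign(elsewhere, c2))
}

func main() { fmt.Println(Demo()) }
```

A fresh challenge per login rejects a replayed signature, but the server has no way to tell the enrolled device from any other holder of the same key. That is why the scheme depends entirely on the key staying confidential inside QSEE.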

Experts from the International Institute of
Cyber Security (IICS) comment that attackers do not require local access to
the device or the Qualcomm chip; root access to the compromised device is
required instead, which is possible by injecting malware into the operating system.

The vulnerability has been identified as
CVE-2018-11976, and Qualcomm claims that the patch to correct it is now ready
for launch.
