Qualcomm chips have been the power behind the punch of most of the smartphones nowadays. However, a security bug has been discovered recently which poses the risk of Android Malware into the system which is capable enough to steal access to the online accounts associated in that system.
This major concern is related to the Qualcomm Technology which was designed to store private cryptographic keys on board the device in a secure manner. This is done with the help of Qualcomm Secure Execution Environment or QSEE which kept the keys in a secured area which is not associated directly with the processor.
And since, QSEE is one of the crucial services in the Chips, they are impenetrable means no one can access those keys from the Chips. But according to Keegan Ryan, a researcher with cybersecurity firm NCC Group, these private keys are accessible which are kept inside the QSEE.
Recently on Tuesday, he posts an article regarding the vulnerability of the Qualcomm Chips. In its paper documentation, Ryan said, he could find out the private keys held inside the QSEE by analyzing a Qualcomm chip’s memory cache. Not only he said, but also he demonstrated it by extracting a 256-bit ECDSA key from a Nexus 5X phone after collecting memory cache samples over a 14-hour period.
According to Ryan, any hacker can use security bugs to clear out how a user sign in into his smartphone. Once a user enters the password, the chip will generate a cryptographic key pair, which a hacker can use it to sign in again in future.
While talking to this issue, Ryan told to PCMag that, “However, if an attacker uses this vulnerability to steal the key pair, the attacker can impersonate the user’s device from anywhere in the world, and the user cannot stop it by powering down or destroying their device.”
However, just after hearing this issue from the NCC group back in March 2018, Qualcomm has started working on it. And now, the company has patched this bug, (CVE-2018-11976), which will affect Snapdragon chipsets including the 820, 835, 845 and 855, among many others.
“We commend the NCC Group for using responsible disclosure practices surrounding their security research,” the chipmaker said. “Qualcomm Technologies issued fixes to OEMs (original equipment manufacturers) late last year, and we encourage end users to update their devices as patches become available from OEMs.”
For the latest tech news and updates, Install TechnoCodex App and follow us on Facebook and Twitter. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.